While my web application was running, I made a change to the login jsp page in the $JBOSS_HOME/server/default/tmp... directory to warn users of a deadline that had passed and to disable the login field.

This worked fine by accessing the root dir of the web application i.e. http://myserver.com/mywebapplication/

However, I found that some users found a back door. They had bookmarked the login page (http://myserver.com/mywebapplication/Index.jsp).

This page was still showing the old version and letting users still login. DOH!

Bit of a strange one I thought. Anyone know how I could stop this happening without having to restart JBOSS or redploy the web app?

Thoughts would be most appreciated! BTW, I am using JBOSS 4.0.2 on Redhat ES 3.0.