What is the recommended practice regarding the use of login/logout on the LoginContext?
Is it viable to login the once and then either logout later, or rely on some form of session expiry for the login? If the timeout is available, how do you remain synchronized with the session in the web container? Can you tell if you're already logged in, therefore allowing each client to check this first before repeating an unnecessary process?
Or should all work, from a servlet for example, login, lookup and call EJBs, and then log out before proceeding to another page which might do the same?