I have a web-app which uses FORM based authentication with DataBaseServerLoginModule. It works fine and the users are getting authenticated. When a user clicks a logout button, a logout JSP page is called and it has
this calls again some times the login page and sometimes a page inside protected area without authentication.
Also we are able to see the previous page before logout by clicking Browser back button.
Is the session properly invalidated or JBoss has any other method to accomplish this
Thanks in advance
You don't say what version, or what web container you are using...
Are you sure the pages aren't being cached in your browser? Have you set the appropriate headers to prevent this?