Successful logins are cached by the SecurityManager and maybe others.
This results in some problems as not every login goes through the configured LoginModules.
I am using a custom LoginModule which also does accounting by logging the logins per user.
Now I have two questions:
1. Is it possible to disable that caching so that every login is passed through the configured LoginModules? and if yes how?
2. Can I guarantee that every logout (either by explicitly killing the user's web session or by a session removal due to a timeout) is passed through the configured LoginModules logout() method?

thanks for yout help.