This happens because the browser is requesting the page from it's cache. It doesn't know that the page has actually expired (login was successful). You need to set the http expires header. This is appserver dependant.
For example using if you use SunOne Appserver 7, open the admin console in a browserand click on Http Servers->Virtual Server and select the server instance that is serving your app.
Click on the http/html tab and select cahce control directives and set the No Cache radio button.
This guarantees that the expires http header gets set to zero when the page is served so your browser will be forced to get the updated page.
As a side note, you wont see this behavior if you set your browser options so that it doesn't cache pages. However since you can't guarantee everyone visiting your page will do this, it's safer to set it on the
A workaround to this problem is to call your JSP page from a script. It won't work when called directly from the browser.
you could use something like: