When your HttpSession time's out or when you call session.invalidate(), the container expires the caching of security credentials.
I believe you are referring to DefaultCacheTimeout in jboss-service.xml.
This specifies the default timed cache policy timeout in seconds.If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. Like wise 80000s means it will be cached for that many seconds, if session invalidation does not occur. If your HttpSession expires before that, it will be cleared. That is my understanding
Thanks so lot for your help, I noticed that the following configurations need to be done in order to have this to work properly:
<security-domain flushOnSessionInvalidation="true" >java:jaas/eluminate</security-domain>