Every EJB invocation goes over a single thread of execution.
Where does the client-login domain store your login credentials? It associates them with the thread that calls LoginContext.login().
This means that if you login from a Servlet, you probably won't continue to be logged in on your next HTTP request. Your login() call has authenticated the randomly-selected thread that serviced your first request, which probably won't be the same thread for subsequent requests. Even worse, another random user of your web application will inherit your credentials if they are serviced on your thread.
Therefore, whenever you call LoginContext.login(), you must also call LoginContext.logout(). On the same thread. Before your request is complete.
And I want each activation of the ActionExplain what exactly you mean here ?