when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.
Thanks
alot for your reply... Now can you please tell me how to get all the existing sessions and invalidate them on creation of a new session. I am using FORM based authentication in JAAS and using jboss4.0.0.
soni.