Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r65aec4aac4e80981cd4f91951cae556642027139 -r63baa015c8da7d0ce849fb544c9011f1f2836515
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 65aec4aac4e80981cd4f91951cae556642027139)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 63baa015c8da7d0ce849fb544c9011f1f2836515)
@@ -100,7 +100,6 @@ // recreate session here in case it was invalidated in login.jsp by sysadmin's LoginAs HttpSession session = request.getSession(); - /* * Fetch UserDTO before completing request so putting it later in session is done ASAP * Response is sent in another thread and if UserDTO is not present in session when browser completes
@@ -177,12 +176,6 @@ if (login.equals(request.getRemoteUser())) { session.setAttribute(AttributeNames.USER, userDTO); - // if user is already logged in on another browser, log him out - if (existingSession != null) { - SessionManager.removeSessionByID(existingSession.getId(), true, false); - SsoHandler.logLogout(userDTO); - } - Integer failedAttempts = user.getFailedAttempts(); if (failedAttempts != null && failedAttempts > 0 && password != null && !password.startsWith("#LAMS")) {
Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java
===================================================================
diff -u -rc1c22cae1f9de439732bbb93eed949b583917af9 -r63baa015c8da7d0ce849fb544c9011f1f2836515
--- lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision c1c22cae1f9de439732bbb93eed949b583917af9)
+++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision 63baa015c8da7d0ce849fb544c9011f1f2836515)
@@ -39,8 +39,6 @@ public class SessionManager { public static final String SYS_SESSION_COOKIE = "JSESSIONID"; - // if this attribute is set in session, next call will force the user to log out - public static final String LOG_OUT_FLAG = "lamsLogOutFlag"; // singleton private static SessionManager sessionManager;
@@ -74,11 +72,6 @@ */ public static void startSession(HttpServletRequest request) { HttpSession session = request.getSession(); - if (session.getAttribute(LOG_OUT_FLAG) != null) { - // session was flagged for invalidation - session.invalidate(); - throw new SecurityException("You were logged out"); - } String sessionId = session.getId(); sessionIdMapping.put(sessionId, session);
@@ -91,8 +84,8 @@ // check if it's a different session and if so, which one is newer if (existingSession != null && !existingSession.getId().equals(sessionId)) { if (session.getCreationTime() > existingSession.getCreationTime()) { - // mark the other session for invalidation - existingSession.setAttribute(LOG_OUT_FLAG, true); + // invalidate the other session + existingSession.invalidate(); } else { // invalidate this session session.invalidate();
@@ -122,10 +115,12 @@ SessionManager.loginMapping.remove(login); if (invalidate) { - // only mark for invalidation, not invalidate - // otherwise on clustered environment we get problems with server-side invalidation of Infinispan distributed sessions - // see WFLY-7281 and WFLY-7229; maybe it will work on WildFly 11 - session.setAttribute(LOG_OUT_FLAG, true); + try { + session.invalidate(); + } catch (IllegalStateException e) { + System.out.println("SessionMananger invalidation exception"); + // if it was already invalidated, do nothing + } } }
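Review bot: In the hunk at -91 (startSession), the new `existingSession.invalidate();` has no `IllegalStateException` guard, although this same commit wraps `session.invalidate()` in one in the hunks at -122 and -136; if the mapped session has already been invalidated, the exception could propagate and abort the new login. Guarding it the same way, `try { existingSession.invalidate(); } catch (IllegalStateException e) { /* already invalidated */ }`, would keep the three call sites consistent. The commit also removes the `SsoHandler.logLogout(userDTO)` call from SsoHandler.java, and no visible line here records that the older session was terminated, so a forced logout of a concurrent session appears to leave no audit entry; a log call next to the invalidation would restore that trail. The body of startSession continues outside the hunk.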
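Review bot: In the hunk at -122, the new catch block reports the failure with `System.out.println("SessionMananger invalidation exception");`, which bypasses the application's logging, misspells the class name and carries neither the login nor the exception, so the event cannot be correlated later; the same lines are added in the hunk at -136. If the class has a logger (none is visible in these hunks), a call such as `log.debug("Session for login " + login + " was already invalidated", e);` would be preferable. The hunk also deletes the comment explaining that direct invalidation caused problems with Infinispan distributed sessions on clustered deployments (WFLY-7281, WFLY-7229) without stating why that no longer applies; a one-line comment naming the server version on which direct `invalidate()` was verified would keep that history. The enclosing method starts and ends outside the hunk.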
@@ -136,12 +131,13 @@ HttpSession session = SessionManager.getSession(sessionID); if (session != null) { SessionManager.sessionIdMapping.remove(sessionID); - if (invalidate) { - // only mark for invalidation, not invalidate - // otherwise on clustered environment we get problems with server-side invalidation of Infinispan distributed sessions - // see WFLY-7281 and WFLY-7229; maybe it will work on WildFly 11 - session.setAttribute(LOG_OUT_FLAG, true); + try { + session.invalidate(); + } catch (IllegalStateException e) { + System.out.println("SessionMananger invalidation exception"); + // if it was already invalidated, do nothing + } } } if (clearLoginMapping) {