Index: lams_build/lib/lams/lams.jar =================================================================== diff -u -r506e82d55455419723f11c0a8f99270b39f04055 -r8b469ff18d080eb020107ad2b0de5ad6b887854c Binary files differ Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java =================================================================== diff -u -r51fb2a37254f24bb2a805d4ffd54482c779f43fa -r8b469ff18d080eb020107ad2b0de5ad6b887854c --- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision 51fb2a37254f24bb2a805d4ffd54482c779f43fa) +++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision 8b469ff18d080eb020107ad2b0de5ad6b887854c) @@ -35,6 +35,7 @@ import org.apache.log4j.Logger; import org.jboss.security.CacheableManager; +import org.lamsfoundation.lams.integration.security.SsoHandler; import org.lamsfoundation.lams.security.SimplePrincipal; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.Configuration; 
@@ -96,12 +97,19 @@
 if (session != null) {
 UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER);
 if (userDTO != null) {
- String login = userDTO.getLogin();
- Principal principal = new SimplePrincipal(login);
- SessionListener.authenticationManager.flushCache(principal);
- // remove obsolete mappings to session
- // the session is either already invalidated or will be very soon by another module
- SessionManager.removeSession(login, false);
+ // this is set in SsoHandler
+ // if user logs in from another browser, cache must not be flushed,
+ // otherwise current authentication process fails
+ Boolean noFlush = (Boolean) session.getAttribute(SsoHandler.NO_FLUSH_FLAG);
+ if (!Boolean.TRUE.equals(noFlush)) {
+ String login = userDTO.getLogin();
+ Principal principal = new SimplePrincipal(login);
+ SessionListener.authenticationManager.flushCache(principal);
+
+ // remove obsolete mappings to session
+ // the session is either already invalidated or will be very soon by another module
+ SessionManager.removeSession(login, false);
+ }
 }
 }
 }
Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r5773f84ed608838de3521ecde87c52f3c72d478c -r8b469ff18d080eb020107ad2b0de5ad6b887854c
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 5773f84ed608838de3521ecde87c52f3c72d478c)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 8b469ff18d080eb020107ad2b0de5ad6b887854c)
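Review bot: In the SessionListener.java hunk the `noFlush` guard skips more than the cache flush, because `SessionManager.removeSession(login, false)` sits inside the same `if`. A flagged session therefore leaves both the credential cache entry and its login mapping to whoever set the flag. On this page that is SsoHandler, which calls `removeSession(login, true)` right after setting it, but nothing here enforces that pairing. I would spell the dependency out in the comment, e.g. `// set only by SsoHandler immediately before it removes the old session itself; when set, the mapping cleanup below is skipped too`, and drop the cast with `if (!Boolean.TRUE.equals(session.getAttribute(SsoHandler.NO_FLUSH_FLAG))) {` so a non-Boolean value under that key cannot throw inside the listener. The enclosing method starts outside the hunk.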
@@ -55,6 +55,9 @@ protected static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location"; + // if this attribute is set in session, credential cache will not be cleared on session destro in SessionListener + public static final String NO_FLUSH_FLAG = "noFlush"; + @Override public void handleDeployment(final DeploymentInfo deploymentInfo, final ServletContext servletContext) { // expose servlet context so other classes can use it @@ -104,8 +107,15 @@ if (!StringUtils.isBlank(login) && login.equals(request.getRemoteUser())) { session.setAttribute(AttributeNames.USER, userDTO); - // remove an existing session for the given user - SessionManager.removeSession(login, true); + + HttpSession existingSession = SessionManager.getSessionForLogin(login); + if (existingSession != null) { + // tell SessionListener not to flush credential cache on session destroy, + // otherwise this authentication processs fails + existingSession.setAttribute(NO_FLUSH_FLAG, true); + // remove an existing session for the given user + SessionManager.removeSession(login, true); + } // register current session as the only one for the given user SessionManager.addSession(login, session); } Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java =================================================================== diff -u -r51fb2a37254f24bb2a805d4ffd54482c779f43fa -r8b469ff18d080eb020107ad2b0de5ad6b887854c --- lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision 51fb2a37254f24bb2a805d4ffd54482c779f43fa) +++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision 8b469ff18d080eb020107ad2b0de5ad6b887854c) 
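Review bot: `NO_FLUSH_FLAG` is stored under the bare key `"noFlush"`, while the neighbouring `SESSION_KEY` uses a fully qualified name. Since this attribute decides whether SessionListener clears the credential cache, a collision with an unrelated attribute of the same name would silently disable that cleanup. A namespaced value such as `"org.lamsfoundation.lams.integration.security.noFlush"` would avoid that; nothing on this page shows the key being read by its literal value, but that should be confirmed. The comment above the constant has a typo (`destro`) and could say who sets the flag: `// set on a user's previous session just before it is replaced; SessionListener then skips the credential cache flush on session destroy`.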
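Review bot: `existingSession.setAttribute(NO_FLUSH_FLAG, true)` throws `IllegalStateException` when the session has already been invalidated, and the session comes straight from SessionManager's login mapping with no validity check. If the mapping can still hold a timed-out session at this point (the SessionListener comment about sessions being "already invalidated" suggests it may), the exception would abort the very login this block is meant to protect. Guarding the call, `try { existingSession.setAttribute(NO_FLUSH_FLAG, true); } catch (IllegalStateException e) { /* already invalidated, nothing to protect */ }`, keeps the following `removeSession(login, true)` reachable. The lookup and the removal are also two separate calls, so a concurrent login for the same user could presumably swap the mapped session in between; a single SessionManager operation that flags and removes would close that gap. The enclosing method starts and ends outside the hunk.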
@@ -121,6 +121,13 @@ } /** + * Get system session by given login. + */ + public static HttpSession getSessionForLogin(String login) { + return SessionManager.loginMapping.get(login); + } + + /** * Returns number of sessions stored in the container. */ public static int getSessionCount() {
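Review bot: `getSessionForLogin` is `public static` and hands out the live `HttpSession` registered for any login, so any code that can call SessionManager can now read, modify or invalidate another user's session. The only use on this page is SsoHandler flagging the old session before removing it. Exposing that one operation instead (for example a SessionManager method that sets the flag and removes the session) would keep the session object from escaping. If the getter stays, the Javadoc should give the contract: `Returns the session currently registered for the given login, or null if there is none; the session may already be invalidated.` The type of `loginMapping` is not visible in this hunk, so whether a null login is tolerated should be checked.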