Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java
===================================================================
diff -u -r5773f84ed608838de3521ecde87c52f3c72d478c -rb5c07a6728774b4d7e9949c5a393b2c0453b2245
--- lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java	(.../LoginRequestServlet.java)	(revision 5773f84ed608838de3521ecde87c52f3c72d478c)
+++ lams_central/src/java/org/lamsfoundation/lams/web/LoginRequestServlet.java	(.../LoginRequestServlet.java)	(revision b5c07a6728774b4d7e9949c5a393b2c0453b2245)
@@ -44,6 +44,7 @@
 import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
 import org.lamsfoundation.lams.util.CentralConstants;
 import org.lamsfoundation.lams.util.WebUtil;
+import org.lamsfoundation.lams.web.session.SessionManager;
 import org.lamsfoundation.lams.web.util.AttributeNames;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
@@ -152,6 +153,9 @@
 		response.sendRedirect(response.encodeRedirectURL(url));
 		return;
 	    }
+	    
+	    // invalidate the existing session, if any
+	    SessionManager.removeSession(login, true);
 
 	    // check if there is a redirect URL parameter already
 	    String redirectURL = WebUtil.getBaseServerURL() + LoginRequestDispatcher.getRequestURL(request);