Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r3128a284bb6912434230a267f5bc17a4ab03ca67 -rec71af23e29595518d397cdab945012f97093dc8
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	(.../SsoHandler.java)	(revision 3128a284bb6912434230a267f5bc17a4ab03ca67)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	(.../SsoHandler.java)	(revision ec71af23e29595518d397cdab945012f97093dc8)
@@ -164,9 +164,13 @@
 
 		    HttpSession existingSession = SessionManager.getSessionForLogin(login);
 		    if (existingSession != null) {
-			// tell SessionListener not to flush credential cache on session destroy,
-			// otherwise this authentication processs fails
-			existingSession.setAttribute(NO_FLUSH_FLAG, true);
+			try {
+			    // tell SessionListener not to flush credential cache on session destroy,
+			    // otherwise this authentication processs fails
+			    existingSession.setAttribute(NO_FLUSH_FLAG, true);
+			} catch (IllegalStateException e) {
+			    // if it was already invalidated, do nothing
+			}
 			// remove an existing session for the given user
 			SessionManager.removeSessionByLogin(login, true);
 		    }