Index: lams_build/build_base.xml
===================================================================
RCS file: /usr/local/cvsroot/lams_build/build_base.xml,v
diff -u -r1.25.2.21 -r1.25.2.22
--- lams_build/build_base.xml	28 Jan 2015 14:49:15 -0000	1.25.2.21
+++ lams_build/build_base.xml	23 Oct 2015 16:13:51 -0000	1.25.2.22
@@ -34,6 +34,7 @@
 			<include name="javax/transaction/api/main/jboss-transaction-*.jar" />
 			<include name="org/javassist/main/javassist-*.jar" />
 			<include name="org/hibernate/main/hibernate-core-*.jar" />
+			<include name="org/picketbox/main/picketbox-*.jar" />
 			<include name="org/jboss/logging/main/jboss-logging-*.jar" />
 			<include name="org/jboss/log4j/logmanager/main/log4j-jboss-logmanager-*.jar" />
 			<include name="org/jboss/logmanager/main/jboss-logmanager-*.jar" />
Index: lams_build/lib/lams/lams-central.jar
===================================================================
RCS file: /usr/local/cvsroot/lams_build/lib/lams/lams-central.jar,v
diff -u -r1.81.2.10 -r1.81.2.11
Binary files differ
Index: lams_build/lib/lams/lams.jar
===================================================================
RCS file: /usr/local/cvsroot/lams_build/lib/lams/lams.jar,v
diff -u -r1.420.2.36 -r1.420.2.37
Binary files differ
Index: lams_central/.classpath
===================================================================
RCS file: /usr/local/cvsroot/lams_central/.classpath,v
diff -u -r1.20.2.19 -r1.20.2.20
--- lams_central/.classpath	25 Aug 2015 11:00:41 -0000	1.20.2.19
+++ lams_central/.classpath	23 Oct 2015 16:13:46 -0000	1.20.2.20
@@ -38,5 +38,6 @@
 	<classpathentry kind="var" path="WILDFLY_HOME/modules/system/layers/base/io/undertow/servlet/main/undertow-servlet-1.1.8.Final.jar" sourcepath="/3RDPARTY_SOURCES_PROJECT/undertow"/>
 	<classpathentry kind="var" path="WILDFLY_HOME/modules/system/layers/base/io/undertow/core/main/undertow-core-1.1.8.Final.jar" sourcepath="/3RDPARTY_SOURCES_PROJECT/undertow"/>
 	<classpathentry kind="var" path="WILDFLY_HOME/modules/system/layers/base/org/jdom/main/jdom-1.1.2.jar" sourcepath="/3RDPARTY_SOURCES_PROJECT/jdom"/>
+	<classpathentry kind="var" path="WILDFLY_HOME/modules/system/layers/base/org/picketbox/main/picketbox-4.0.21.Final.jar"/>
 	<classpathentry kind="output" path="bin"/>
 </classpath>
Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java
===================================================================
RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java,v
diff -u -r1.7.22.3 -r1.7.22.4
--- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java	11 Dec 2014 13:03:27 -0000	1.7.22.3
+++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java	23 Oct 2015 16:13:47 -0000	1.7.22.4
@@ -23,25 +23,36 @@
 /* $$Id$$ */
 package org.lamsfoundation.lams.web;
 
+import java.security.Principal;
 import java.util.Locale;
 
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
 import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
 import javax.servlet.jsp.jstl.core.Config;
 
+import org.apache.log4j.Logger;
+import org.jboss.security.CacheableManager;
+import org.lamsfoundation.lams.security.SimplePrincipal;
+import org.lamsfoundation.lams.usermanagement.dto.UserDTO;
 import org.lamsfoundation.lams.util.Configuration;
 import org.lamsfoundation.lams.util.ConfigurationKeys;
 import org.lamsfoundation.lams.util.LanguageUtil;
 import org.lamsfoundation.lams.web.filter.LocaleFilter;
+import org.lamsfoundation.lams.web.util.AttributeNames;
 
 /**
  * Listens for creation of HTTP sessions. Sets inactive timeout and default locale.
  */
 
 public class SessionListener implements HttpSessionListener {
     private static int timeout; //in seconds
+    private static CacheableManager<?, Principal> authenticationManager;
 
+    private static Logger log = Logger.getLogger(SessionListener.class);
+
     static {
 	SessionListener.timeout = Configuration.getAsInt(ConfigurationKeys.INACTIVE_TIME);
     }
@@ -59,15 +70,34 @@
 	//LocaleFilter class. But this part code can cope with login.jsp Locale.
 	if (session != null) {
 	    String defaults[] = LanguageUtil.getDefaultLangCountry();
-	    Locale preferredLocale = new Locale(defaults[0] == null ? "" : defaults[0], defaults[1] == null ? ""
-		    : defaults[1]);
+	    Locale preferredLocale = new Locale(defaults[0] == null ? "" : defaults[0],
+		    defaults[1] == null ? "" : defaults[1]);
 	    session.setAttribute(LocaleFilter.PREFERRED_LOCALE_KEY, preferredLocale);
 	    Config.set(session, Config.FMT_LOCALE, preferredLocale);
 	}
     }
 
+    @SuppressWarnings("unchecked")
     @Override
-    public void sessionDestroyed(HttpSessionEvent se) {
-	//nothing to do
+    public void sessionDestroyed(HttpSessionEvent sessionEvent) {
+	if (SessionListener.authenticationManager == null) {
+	    try {
+		InitialContext initialContext = new InitialContext();
+		SessionListener.authenticationManager = (CacheableManager<?, Principal>) initialContext
+			.lookup("java:jboss/jaas/lams/authenticationMgr");
+	    } catch (NamingException e) {
+		SessionListener.log.error("Error while getting authentication manager.", e);
+	    }
+	}
+
+	// clear the authentication cache when the session is invalidated
+	HttpSession session = sessionEvent.getSession();
+	if (session != null) {
+	    UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER);
+	    if (userDTO != null) {
+		Principal principal = new SimplePrincipal(userDTO.getLogin());
+		SessionListener.authenticationManager.flushCache(principal);
+	    }
+	}
     }
 }
\ No newline at end of file
