Index: lams_build/lib/lams/lams.jar =================================================================== RCS file: /usr/local/cvsroot/lams_build/lib/lams/lams.jar,v diff -u -r1.420.2.81 -r1.420.2.82 Binary files differ Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java,v diff -u -r1.7.22.7 -r1.7.22.8 --- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java 11 May 2016 07:07:58 -0000 1.7.22.7 +++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java 4 Jul 2016 06:54:44 -0000 1.7.22.8 @@ -35,6 +35,7 @@ import org.apache.log4j.Logger; import org.jboss.security.CacheableManager; +import org.lamsfoundation.lams.integration.security.SsoHandler; import org.lamsfoundation.lams.security.SimplePrincipal; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.Configuration; 
@@ -96,12 +97,19 @@
 if (session != null) {
 UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER);
 if (userDTO != null) {
- String login = userDTO.getLogin();
- Principal principal = new SimplePrincipal(login);
- SessionListener.authenticationManager.flushCache(principal);
- // remove obsolete mappings to session
- // the session is either already invalidated or will be very soon by another module
- SessionManager.removeSession(login, false);
+ // this is set in SsoHandler
+ // if user logs in from another browser, cache must not be flushed,
+ // otherwise current authentication process fails
+ Boolean noFlush = (Boolean) session.getAttribute(SsoHandler.NO_FLUSH_FLAG);
+ if (!Boolean.TRUE.equals(noFlush)) {
+ String login = userDTO.getLogin();
+ Principal principal = new SimplePrincipal(login);
+ SessionListener.authenticationManager.flushCache(principal);
+
+ // remove obsolete mappings to session
+ // the session is either already invalidated or will be very soon by another module
+ SessionManager.removeSession(login, false);
+ }
 }
 }
 }
Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v
diff -u -r1.1.2.15 -r1.1.2.16
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 5 May 2016 08:10:59 -0000 1.1.2.15
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 4 Jul 2016 06:54:19 -0000 1.1.2.16
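Review bot: In SessionListener.java, the new `if (!Boolean.TRUE.equals(noFlush))` branch skips both `flushCache(principal)` and `SessionManager.removeSession(login, false)`, so the credential-cache cleanup now depends entirely on the flag being present only on a session that is being replaced by a fresh login. Nothing in this hunk clears the flag or records that the flush was skipped. If a flagged session is ever destroyed later by an ordinary timeout or logout (for example because the invalidation in SsoHandler did not complete, which is not visible here), the principal's cached credentials would stay in place with no trace. I would state the contract in the comment, e.g. `// NO_FLUSH_FLAG is set by SsoHandler immediately before it invalidates this session; it must never be set on a session that stays alive`, and add a debug log line in the skipped case. The enclosing method starts and ends outside the hunk.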
@@ -55,6 +55,9 @@ protected static final String SESSION_KEY = "io.undertow.servlet.form.auth.redirect.location"; + // if this attribute is set in session, credential cache will not be cleared on session destro in SessionListener + public static final String NO_FLUSH_FLAG = "noFlush"; + @Override public void handleDeployment(final DeploymentInfo deploymentInfo, final ServletContext servletContext) { // expose servlet context so other classes can use it @@ -104,8 +107,15 @@ if (!StringUtils.isBlank(login) && login.equals(request.getRemoteUser())) { session.setAttribute(AttributeNames.USER, userDTO); - // remove an existing session for the given user - SessionManager.removeSession(login, true); + + HttpSession existingSession = SessionManager.getSessionForLogin(login); + if (existingSession != null) { + // tell SessionListener not to flush credential cache on session destroy, + // otherwise this authentication processs fails + existingSession.setAttribute(NO_FLUSH_FLAG, true); + // remove an existing session for the given user + SessionManager.removeSession(login, true); + } // register current session as the only one for the given user SessionManager.addSession(login, session); } Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java,v diff -u -r1.22.2.9 -r1.22.2.10 --- lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 11 May 2016 07:07:26 -0000 1.22.2.9 +++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 4 Jul 2016 06:54:20 -0000 1.22.2.10 
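Review bot: The session attribute key `"noFlush"` in SsoHandler.java is short and un-namespaced, yet its presence suppresses a security-relevant cleanup in SessionListener. Any other code that writes an attribute with that name into the session would disable the credential cache flush too. A key prefixed with the class or package name, as the neighbouring `SESSION_KEY` value is, would make an accidental collision unlikely. The comment above the constant also has a typo, "destro" for "destroy".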
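Review bot: `existingSession.setAttribute(NO_FLUSH_FLAG, true)` is called on whatever `SessionManager.getSessionForLogin(login)` returns, and `HttpSession.setAttribute` throws `IllegalStateException` on a session that has already been invalidated. The SessionListener comment ("the session is either already invalidated or will be very soon") suggests the login mapping can point at such a session, in which case the exception would abort this login before the `removeSession` and `addSession` calls run. It is also worth confirming that `existingSession` can never be the current `session`, since the flag would then stay on the live session and suppress the flush when it is eventually destroyed. The comment in this hunk has a typo, "processs". The enclosing method starts and ends outside the hunk.

```java
if (existingSession != null) {
    try {
        existingSession.setAttribute(NO_FLUSH_FLAG, true);
    } catch (IllegalStateException e) {
        // mapping pointed at a session that is already invalidated; nothing left to flag
    }
    // … unchanged: SessionManager.removeSession(login, true) …
}
```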
@@ -121,6 +121,13 @@ } /** + * Get system session by given login. + */ + public static HttpSession getSessionForLogin(String login) { + return SessionManager.loginMapping.get(login); + } + + /** * Returns number of sessions stored in the container. */ public static int getSessionCount() {
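Review bot: `getSessionForLogin` in SessionManager.java is `public static` and returns the live `HttpSession` of any user by login name, so every class in the application can now read or modify another user's session attributes. The only caller in this commit needs to flag the old session and remove it. A narrower `SessionManager` method that does just that would avoid exposing the session object itself. If the accessor stays, its Javadoc should say that it returns `null` when no session is mapped to the login and that the returned session may already be invalidated, e.g. `@return the session registered for the login, or null if none; may already be invalidated`.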