Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v
diff -u -r1.1.2.22 -r1.1.2.23
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	1 Dec 2016 07:43:31 -0000	1.1.2.22
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	2 Jan 2017 08:00:06 -0000	1.1.2.23
@@ -164,9 +164,13 @@
 
 		    HttpSession existingSession = SessionManager.getSessionForLogin(login);
 		    if (existingSession != null) {
-			// tell SessionListener not to flush credential cache on session destroy,
-			// otherwise this authentication processs fails
-			existingSession.setAttribute(NO_FLUSH_FLAG, true);
+			try {
+			    // tell SessionListener not to flush credential cache on session destroy,
+			    // otherwise this authentication processs fails
+			    existingSession.setAttribute(NO_FLUSH_FLAG, true);
+			} catch (IllegalStateException e) {
+			    // if it was already invalidated, do nothing
+			}
 			// remove an existing session for the given user
 			SessionManager.removeSessionByLogin(login, true);
 		    }