Actually I solved the problem by invalidating the session by calling session.invalidate() from logou.jsp (placed out of secured area) instead of calling it from JSF action bean and redirecting to secured area again using meta tag - kind of weird solution, but sending request.getRequestDispatcher("/secure/somethink.jsp").forward(request, response) did not invalidate seession (even after invalidation :))
Thanx 4 your reply.
Regards,
Kuba
[Message sent by forum member 'cubeek' (cubeek)]
http://forums.java.net/jive/thread.jspa?messageID=224784