Document URL: https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/5/html-single/Release_Notes_5.0.1/index.html Section Number and Name: 7. Issues fixed in this release Security Issues JBPAPP-3079 Describe the issue: Doc says The Solution of flushing JBoss Authentication Cache is to uncomment the filter in Tomcat's web.xml, but filter must be added. The following KCS is right. Why does flushOnSessionInvalidation not flush the JAAS cache when sessions timeout on JBoss? https://access.redhat.com/site/solutions/169873 Suggestions for improvement: <current> You must uncolmment this filter in Tomcat's web.xml to use this feature. <TOBE> You must uncolmment add the filter in server/$PROFILE/deployers/jbossweb.deployer/web.xml to use this feature.