HI I am using WL6.1 and have implemented formbased authentication. my problem is that i have a logout button on each page that is supposed to logout the user and bring back the login page. I tried using session.invalidate()...this somehow seems to be futile ..as the user is not actually logged off and still is able to access the secure pages. whats the common technique used for this?