Yes. Don't invent your own security system. This is just one of many problems you'll have. And welcome to the JavaRanch, Igor!
If you hang around here for long you'll see a lot of me ranting on home-made login systems. It's because they just don't work. Unfortunately, it seems like almost every
Java book out there has examples with user-defined logins in them. But I've been working with
J2EE since before JSPs were even invented, and I've never seen a single do-it-yourself security system that was really secure. Most of them aren't secure at all, in fact. They're like a house with a lock on the front door and no door on the back door. They're also expensive to maintain, extra work to code and debug, and - well, I'm up to about 12 reasons why doing your own security system is just plain bad.
There's a login/security system that comes as part of the J2EE security standard, and it won't force people to login multiple times. It's good enough "as is" for most applications, and there are some good pre-coded/pre-debugged security frameworks that can work with it if you need more.
Security is hard work. It's better to take advantage of someone else's hard work. Especially since the people who designed the J2EE standard security system were security professionals.