I am using JBoss AS 4.2.3 JBossSeam 2.1 My Problem is that I can login/logout with different users as long as I do not enter a wrong password for one user. If this happens it is not possible to authenticate any user. Authentication always fails. If I delete the browser cookies everything works fine. I have tried to set DefaultCacheTimeout and DefaultCacheResolution to 0 but without luck. Why does JBoss cache wrong credentials?