I have web application deployed on websphere application server 7.0. User logins using /j_security_check. When session timeout occures session ivnvalidates but request.getUserPrincipal() is still not null. I expect it should be null. How to clean user principal?
I have found solution in sphere documentation.