try {
// the web user exists, so update our SessionManager's session last-access-time
Subject subject = webUser.getSubject();
if (subject == null) {
throw new SessionNotFoundException("Web user not associated with a subject");
}
SessionManager.getInstance().getSubject(subject.getSessionId());
} catch (SessionNotFoundException snfe) {
session.removeAttribute(ParamConstants.USER_PARAM);