Users Connect with Old Credentials

Problem: A user changes password in the backend security system, but can still authenticate with the previous password when connecting to SAP Mobile Server.

Description: SAP Mobile Server securely caches authenticated login credentials (1 hour by default), so that subsequent connection requests using the same credentials are not sent to the underlying security provider until the login cache timeout is reached. Until then, the previous password is still accepted by the cache. However, if the same user presents different credentials, the authentication request is sent to the underlying security provider. The authorization outcome is not cached and is always delegated to the security provider in the security configuration.

Solution: To reduce the cache period, decrease the default authentication cache timeout for a security configuration using SAP Control Center (go to the Cluster > Security > <security configuration name> > Settings tab). Setting the property to 0 disables authentication caching entirely (not recommended for performance reasons).
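The following is an added illustrative model of the behaviour described above, not SAP Mobile Server code: a login cache keyed by user and credential hash with a configurable timeout, replayed against a constructed backend directory (`BACKEND`, user `alice`, the passwords and the `demo` helper are all assumptions) so you can see the old password being accepted from the cache until the timeout passes, and caching being switched off with a timeout of 0.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the backend security provider (not SAP code): a
# user directory whose password the administrator changes mid-session.
BACKEND = {"alice": "Winter2024!"}

def provider_authenticate(user, password):
    """The backend check that the login cache short-circuits."""
    expected = BACKEND.get(user)
    return expected is not None and hmac.compare_digest(expected, password)

class LoginCache:
    """Model of a server-side authentication cache keyed by user + credential hash."""
    def __init__(self, timeout_seconds=3600, clock=time.monotonic):
        self.timeout = timeout_seconds  # 0 disables caching
        self.clock = clock
        self.entries = {}  # (user, credential hash) -> expiry time
        self.provider_calls = 0

    def _key(self, user, password):
        # Store a hash, never the password. A changed password yields a different
        # key, which is why new credentials always reach the provider.
        return (user, hashlib.sha256(password.encode()).hexdigest())

    def authenticate(self, user, password):
        key, now = self._key(user, password), self.clock()
        if self.timeout > 0 and self.entries.get(key, -1) > now:
            return True  # served from cache; provider not consulted
        self.provider_calls += 1
        ok = provider_authenticate(user, password)
        if ok and self.timeout > 0:
            self.entries[key] = now + self.timeout
        return ok

def demo(timeout_seconds):
    """Replay the scenario: login, backend password change, old/new password retried."""
    clock = [0.0]
    cache = LoginCache(timeout_seconds, clock=lambda: clock[0])
    BACKEND["alice"] = "Winter2024!"
    first = cache.authenticate("alice", "Winter2024!")       # provider hit, then cached
    BACKEND["alice"] = "Spring2025!"                          # password changed in backend
    old_still_works = cache.authenticate("alice", "Winter2024!")
    new_works = cache.authenticate("alice", "Spring2025!")
    clock[0] += timeout_seconds + 1                           # move past the cache timeout
    old_after_expiry = cache.authenticate("alice", "Winter2024!")
    return first, old_still_works, new_works, old_after_expiry
```

With the default 3600-second timeout `demo` returns `(True, True, True, False)`: the old password keeps working from the cache until the timeout elapses, while the new one is checked against the provider immediately; with a timeout of 0 it returns `(True, False, True, False)`.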