Hi! Currently I've an application where my own parameter form takes the interacts with the user and the values provided by the user are added to a url which redirects to jasperServer and the report is opened. I send the user name and password in the url in order to prevent the login screen and so that the url go directly to the report. But this thing seriously disturbs my own application's checks. Anyone can access any report by changing the url. The thing I want is that this login activity should be performed in my application and and once the report window, which is a popup, is closed, the session is closed from with in my application. The JavaScript call I make in order to call the report is like this: JavascriptContext.addJavascriptCall(FacesContext.getCurrentInstance(), "window.open('" + url + "', 'ReportWindow', " + "'scrollbars=yes,location=no,height=600,width=800,resizable=yes');"); Any solutions/ideas please. Thanks.