Data Security in Netweaver Web AS/Portal

Hi,

Lets say I have a Web dynpro application that retrieves very sensitive information from r/3 via a RFC call. This information is then displayed for the user to view either by the Web AS or by a portal iView running the webdynpro application.

After the user terminates the application either by closing the browser or logging out, will the sensitive information still reside somewhere in the J2EE engine/portal, hence putting the information at risk? Is there anyway to flush it out??

Are there any official SAP documents/help on this topic? I can't seem to locate any.