Well, in this post (http://www.liferay.com/community/forums/-/message_boards/message/7043335), a Liferay staffer writes:
"...if what you're trying to do is unauthenticate/reauthenticate users with every request, I would recommend writing a servlet filter rather than use the auto login hook mechanism (only possible in an ext plugin)."
I don't know too much about implementing servlet filters, but I can guess some things by looking at the AutoLoginFilter;
- The AutoLoginFilter class extends BasePortalFilter, which I think enables the ability to toggle on and off filters with the com.liferay.portal.servlet.filters.autologin.AutoLoginFilter=true like you've tried.
- The AutoLoginFilter is configured in <tomcat-dir>/webapps/ROOT/WEB-INF/web.xml (assuming you're using the tomcat bundle)
I'd guess that you have two options:
1) Create your own servlet filter, package it in a jar, drop it in <tomcat-dir>/webapps/ROOT/WEB-INF/lib, enable it in portal-ext.properties, configure it in web.xml
2) Create a modified version of AutoLoginFilter.class, package it in a jar, drop it in the lib folder, and see if it overrides the one that is in portal-impl.jar. I'm not sure if it will or not. I've not tried this before.
Either way, I'd guess you could copy the logic from AutoLoginFilter.java (source available from liferay.com) and remove the conditional "if ((remoteUser == null) && (jUserName == null))".
It sounds like there's an official way to create a servlet filter hook using Liferay's ext SDK, but I'm afraid I'm not sure whether or not this is possible in EID Studio. The Components SDK that is available from Oracle has an option that I've never tried in components/hooks. You might try creating one of those. Sorry I don't have more knowledge on this.