[ https://issues.jboss.org/browse/WFLY-7651?page=com.atlassian.jira.plugin.... ] Guillermo González de Agüero commented on WFLY-7651: ---------------------------------------------------- The workaround I found is to create an HttpServletRequestWrapper fixing the session validation checks: {code:java} public class WFLY7651RequestWrapper extends HttpServletRequestWrapper { private final HttpServletRequest request; public WFLY7651RequestWrapper(HttpServletRequest request) { super(request); this.request = request; } @Override public boolean isRequestedSessionIdValid() { HttpSession session = request.getSession(false); if (session == null) { return false; } try { session.getAttribute("xxx"); return true; } catch (IllegalStateException e) { return false; } } @Override public HttpSession getSession(boolean create) { HttpSession session = super.getSession(create); return isRequestedSessionIdValid() ? session : null; } } {code} {code:java} @WebFilter("/*") public class WFLY7651Filter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { ServletRequest wrappedRequest = request; if (request instanceof HttpServletRequest) { wrappedRequest = new WFLY7651RequestWrapper((HttpServletRequest) request); } chain.doFilter(wrappedRequest, response); } @Override public void destroy() { } } {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)