I'm not sure why you need to disable server-side invalidation.

If the session is later accessed by another node, the thread initiated on the first node will still expire the session

Undeploy of the application will not kill threads started in this way, thus your application will leak its classloader

WFLYCLWEBUT0001 for server-side invalidated sessions ---------------------------------------------------- Key: WFLY-7229 URL: https://issues.jboss.org/browse/WFLY-7229 Project: WildFly Issue Type: Bug Components: Clustering, Web (Undertow) Affects Versions: 10.1.0.Final Environment: Happens whenever <distributable/> is used in web.xml, both in standalone and domain modes. Reporter: Michał Nowakowski Assignee: Paul Ferraro Attachments: stacktrace_01.txt, stacktrace_02.txt, stacktrace_03.txt, testPortlet.tar.gz Attached is a simple webapp (pardon the name) with a single servlet "/main", that does the following: - a session is assigned (or created, if none existed before) - its details are printed and the browser is told to refresh after 20 seconds - before the browser refreshes, the session is invalidated server-side by separate thread. Expected behaviour is, that WF should give the user a new session. That's indeed how it works in standalone mode and without <distributable/> in web.xml. But in domain mode, OR with <distributable/> added (and, possibly, full-ha profile chosen), I get errors: - The first stacktrace happens when the thread invalidates the session. - The second stacktrace happens, when the browser refreshes. The user sees "Error 500". - Then, after a minute or so, I get the last one. It then repeats periodically. We can't upgrade from 10.0 because of this - and we know we need an upgrade because of fixes in Infinispan.