We've enabled Tomcat's SSO valve which is effectively very similar to what you're trying to do: http://www.andypemberton.com/jboss/securing-ajax-servlets-in-jboss-portal/ Though, can you further describe your apps and the "four different containers" they run in? Are the consumed with WSRP? How are the sessions initially established to those applications? The default behavior of the portal is to synchronize the session between the Portal and portlet WARs deployed to it. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4255535#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...