Ales, Perhaps you can do an experiment: If you look at StandardSession.isValid(), you'll see a session will not expire if field accessCount > 0. The accessCount field will be > 0 if a call to access() is made without a corresponding call to endAccess(). Looking at ApplicationDispatcher (TC's impl of RequestDispatcher), one way I could see this happening is if an exception is thrown during a forward() or include() call. StandardSession.endAccess() is called by Request.recycle(); in ApplicationDispatcher.doForward() and doInclude(), recycle() will not be called if there is an exception. Can you perhaps add a valve or something to trap and record the session id associated with any request that throws an exception? And then correlate that to your sessions that aren't expiring. If they match, the above may be the culprit. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962330#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...