Got it!! ;-)) I've been digging Tomcat's code and the info to restore the request after the User has been authenticated is stored in a org.apache.catalina.authenticator.SavedRequest object which as you said is not Serializable and it is stored via setNote(Sting,Object) method of org.apache.catalina.session.StandardSession inherited (and implemented) from org.apache.catalina.Session (so, that's not an standard method of javax.servlet.http.HttpSession as you know). A fast peek at JBoss' source code seem to reveal that none of that internal savedrequest notes is neither serialized nor replicated. Will it be worth to give it a try to implement replication of that form-based authentication notes in JBoss clustered sessions? If so, I would be very pleased to do it but also would appreciate some architectural hints to get the job done. Greets View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3969064#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...