2 end user reporting that they are seeing some other user's data and they also gave us the name and other info of that user which they were seeing on screen and i did check back in our db and those user are valid user who submit their information via our application. So i can't rule out, that session is not getting duplicated. However I never heard or seen session is getting duplicated in person. I have been testing so many times and never got other user's information Okay I have put the session.invalidate() at the end of application workflow process. Hoping it would reduce the chance of session collision. I am also logging the session id if it's get duplicated. Thanks for your support I would monitor View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4115080#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...