We prefer not to couple the cookie value with Identity's username field. We're actually using an encrypted hash instead. The problem is, initCredentialsFromCookie() is private and doesn't allow for overriding. I think I have a workaround, which is to ignore the seam cookie name and use my own, but it would be nice to make this method protected so I can just override it. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4066688#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...