It could be argued that we shouldn't be allowing concurrent access to the session. But that's not really a clustering issue; i.e. the problem can occurs in a non-clustered webapp. The Tomcat classes on which the clustered session management is based don't enforce such a requirement, so our clustered impls also don't . View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4155754#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...