DataSourcePersistentManager error with FORM login

Setup database persistence as in http://community.jboss.org/wiki/HAWebSessionsviaDatabasePersistence Deploy a web application using database persistence and FORM authentication (see attached simpleWebApp.war) Access a protected resource, and submit the login form with the correct credentials. Expected outcome: requested resource is returned Actual outcome: 408 error

A software error resulted in a situation where neither the process of serving the login page nor handling the <code>POST</code> to <code>j_security_check</code> resulted in a call into <code>ClusteredSessionValve</code>, which is the part of the request pipeline that triggers replication of the session by storing it in the database. <code>FormAuthenticator</code> directly dispatched to the login page, and handled <code>j_security_check</code> itself. As a result, the session that was created before serving the login page was not persisted. When the authentication was complete and the request for the original URL came in, the session manager checked with the distributed store to see whether the local session copy was out of date. With <code>DataSourcePersistentManager</code>, that check was made to class <code>VersionBasedOutdatedSessionChecker</code>. <code>VersionBasedOutdatedSessionChecker</code> returned true because it could not find the session in the database. Because of the <code>true</code> return value, the session manager could not use the local session. It attempted to read it from the persistent store. It did not exist in the persistent store either, so a new session was created. To address this issue, <code>VersionBasedOutdatedSessionChecker</code> now checks the session's <code>getLastReplicated</code> method if it cannot find a persisted session. If the value is 0, the session is new, and has never been persisted, so it cannot be outdated. In that case it returns false.