When there is an authenticated Principal in a HttpSession (after a login for exemple), the HttpSession should be successfully serialized during webapp redeployment. Redeployment is probably performed ...