When deploying distributable JEE applications it is not possible to invalidate a session scope when obtaining the scope based on the id, using org.wildfly.security.http.HttpServerScopes#getScope(org.wildfly.security.http.Scope, java.lang.String).

This is because the distributable session manager from Wildfly clustering subsystem returns a DistributableImmutableSession which does not support writes to the session and the invalidate method is a no-op.

This also implies that session scopes obtained by id cannot be used to set any attribute to the underlying session in Undertow.