session.invalidate -> SessionListenerBridge.sessionDestroyed

for(String attribute : session.getAttributeNames()))

session.getAttributeNames passes Map.keySet() directly w/o defensive copy,
removeAttribute causes ConcurrentModification:

java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextEntry(HashMap.java:806)
at java.util.HashMap$KeyIterator.next(HashMap.java:841)
at io.undertow.servlet.core.SessionListenerBridge.sessionDestroyed(SessionListenerBridge.java:46)
at io.undertow.server.session.SessionListeners.sessionDestroyed(SessionListeners.java:38)
at org.wildfly.clustering.web.undertow.session.SessionAdapter.invalidate(SessionAdapter.java:124)
at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:161)
at com.sun.faces.context.ExternalContextImpl.invalidateSession(ExternalContextImpl.java:766)
at javax.faces.context.ExternalContextWrapper.invalidateSession(ExternalContextWrapper.java:821)
at javax.faces.context.ExternalContextWrapper.invalidateSession(ExternalContextWrapper.java:821)