As a marshalling optimization, the last access duration of a session (i.e. the duration of time since the session was created) is stored with second precision (since session timeouts only have second precision). However, we assume that a given distributed session is "new" if its last access duration is 0. When the backing cache is transactional, we don't perform any mutations when a new session is closed. Thus if a request arrives < 1 second after a session was created, any changes will not be replicated. Given the prevalence of redirects after a session is created, it is not unlikely that users will encounter this problem.
Essentially, the existing code assumes that Duration.ofSeconds(0) != Duration.ZERO. Unfortunately, this is false.