This issue doesn't exist in Wildfly 19.0.0.Final. It started to happen in Wildfly 20 and still exists in the most current 26.0.1.Final.

The example application has a login page configured via <login-config> in web.xml, but this does also happen with jakarta-security's @LoginToContinue.

Having a redirect to a JSF login page when accessing a secured resource generates the following WELD warnings on every site acess:

WARN  [org.jboss.weld.Conversation] (default task-1) WELD-000335: Conversation context is already active, most likely it was not cleaned up properly during previous request processing: HttpServletRequestImpl [ GET /hello-world/secured/ ]

WARN  [org.jboss.weld.Servlet] (default task-1) WELD-000717: Unable to deactivate context org.jboss.weld.module.web.context.http.LazyHttpConversationContextImpl@230edec8 when destroying request HttpServletRequestImpl [ GET /hello-world/login.xhtml ]

These warnings do NOT appear, if the login site is accessed directly via http://localhost:8080/hello-world/login.xhtml. They do appear when accessing http://localhost:8080/hello-world/secured/ though.

I derived a minimal example project from the jsf 2.3 example project, which demonstrates the problem. It happens as soon as the first JSF component is introduced in login.xhtml (in this case <h:form>).