Currently, WildFly only supports server-side HttpSession management, where session attributes and metadata are stored on the server, and referenced by clients via unique identifier.
Consequently, applications that use the HttpSession for user state are inherently stateful.
To better support stateless workloads, WildFly should provide a pure client-side SessionManager, where session attributes and metadata are persisted as cookies. This is meant to support this specific use case only, and will require documenting the limitations of this approach, specifically with respect to concurrency, payload size, confidentiality considerations, lack of expiration notifications, etc.