Description of problem: Where SPNEGO authentication takes place a HTTP session needs to be established to track the intermediate state of this negotiation, however as the valve needs to wrap calls to the next valve it is accidentally creating a session for all requests if a session does not already exist.
https://github.com/jbossas/jboss-eap/pull/2038
Verified in 6.4.0.DR11.