On the class org.apache.catalina.session.StandardSession, method invalidate() it calls expire() which flags the session as invalid; setValid(false), then in the same expire method it calls removeAttributeInternal(keys[i], notify), this method makes a method call of: ((HttpSessionBindingListener) value).valueUnbound(event). When the implementing class tries to call: ttpSessionBindingEvent bindingEvent, bindingEvent.getSession().getId(); you get a IllegalStateException, the Session is Already Invalidated. This is caused because the setValid(false) should be set at the end of the expire() method after all objects are unbound. The implementation example I am having the problem with is on UPortal org.jasig.portal.jndi.JNDIManger.java class @Version $Revision: 1.32, on the valueUnbound (HttpSessionBindingEvent bindingEvent) method.
JBoss has implemented their ClusteredSession class correctly. See http://docs.jboss.org/jbossas/javadoc/4.0.2/org/jboss/web/tomcat/tc5/session/ClusteredSession.java.html Take note of their expire() method, the setValid(false) is at the end of the method.
*** This bug has been marked as a duplicate of 34107 ***
This an issue with UPortal not implementing the specification correctly. Many of their classes are implementing HttpSessionBindingListener when they should be implementing HttpSessionListener. See. http://www.ja-sig.org/issues/browse/UP-1524