When our SessionDispatcher.Listener runs, it checks to see if it should shut the session down. This is done in a thread that runs every 10 seconds and when it checks, it synchonizes on the SessionMonitors while it does so:

     try {
         synchronized (SessionMonitors) {
             // Iterate over the session monitors using a copying iterator
             Iterator iterator = new
ArrayList(SessionMonitors.values()).iterator();
             while (iterator.hasNext()) {
                 final Monitor sessionMonitor = (Monitor) iterator.next();
                 sessionMonitor.shutdownIfExpired();
                 
ThreadLocalUtility.checkThreadLocals(ThreadLocalUtility.EXITING_SESSION_MONITOR);
             }
         }

         Thread.sleep(10000);
     } catch (InterruptedException e) {
         //ignore interrupts
     }

During the check to see if it should invalidate the session, it checks for a session attribute which, in WebSphere, appears to be a synchronized HashMap:

     Object o = session.getAttribute(POSITIVE_SESSION_TIMEOUT);

The other thread is a request to logout which invalidates the current session and then sends out a SessionDestroyed event which we listen for. This, presumably, locks down that same HashMap that holds the session attributes *before* it sends the SessionDestroyed event. So while our own internal thread has grabbed the lock on the SessionMonitors the logout thread grabbed the lock on the session attribute map. Our SessionMonitor cannot continue to shutdown without getting the session attribute and the logout thread cannot continue with the SessionDestroyed call because the SessionMonitors lock is taken.