@Singleton
@LocalBean

public class AccessCach implements HttpSessionListener{

    private ConcurrentHashMap<String, HttpSession> mapa = new ConcurrentHashMap<String, HttpSession>();
    
    
    public void newEnter(String idClient, HttpSession session){
        if(mapa.contains(idClient)){
            mapa.get(idClient).invalidate();
            mapa.remove(idClient);
            mapa.put(idClient, session);
        }
        else{
            mapa.put(idClient, session);
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        if(se.getSession().getAttribute("role").equals("client")){
            mapa.remove(((ClientInfo)se.getSession().getAttribute("roleObject")).getIdClient()+"c");
        }else if(se.getSession().getAttribute("role").equals("enterprise")){
            mapa.remove(((EnterpriseInfo)se.getSession().getAttribute("roleObject")).getIdEnterprise()+"e");
        }else{
            System.out.println("Problem");
        }
        
    }
}

String test = ei.getIdClient() + "c";
accessCach.newEnter(test, request.getSession());

A system exception occurred during an invocation on EJB AccessCach, method: public void com.trash.AccessCach.newEnter(java.lang.String,javax.servlet.http.HttpSession)

javax.ejb.EJBException at com.sun.ejb.containers.BaseContainer.processSystemException(BaseContainer.java:5215) at 
com.sun.ejb.containers.BaseContainer.completeNewTx(BaseContainer.java:5113) at  
com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:4901) at  
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2045) at  
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1994) at  
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:222) at  
com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88) at  
com.sun.proxy.$Proxy572.newEnter(Unknown Source) at  
com.trash.__EJB31_Generated__AccessCach__Intf____Bean__.newEnter(Unknown Source ) at  
com.servletclient.ClientLogin.processRequest(ClientLogin.java:77) at com.servletclient.ClientLogin.doPost(ClientLogin.java:177) at  
javax.servlet.http.HttpServlet.service(HttpServlet.java:688) at javax.servlet.http.HttpServlet.service(HttpServlet.java:770) at  и т.д. 

@ConcurrencyManagement(ConcurrencyManagementType.CONTAINER)
@Singleton
@LocalBean

public class AccessCach implements HttpSessionListener {

    private ConcurrentHashMap<String, HttpSession> mapa = new ConcurrentHashMap<String, HttpSession>();

    @Lock(LockType.WRITE)
    public void Login(String idClient, HttpSession session) {
        //System.out.println("Method LOGIN: " + idClient + "," + session.getId());
        HttpSession s = mapa.get(idClient);
        if (s != null) {
            s.invalidate();
            mapa.put(idClient, session);
        } else {
            mapa.put(idClient, session);
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }

    @Override
    @Lock(LockType.WRITE)
    public void sessionDestroyed(HttpSessionEvent se) {
        if (se.getSession().getAttribute("role").equals("client")) {
            mapa.remove(((ClientInfo) se.getSession().getAttribute("roleObject")).getIdClient() + "c");
        } else if (se.getSession().getAttribute("role").equals("enterprise")) {
            mapa.remove(((EnterpriseInfo) se.getSession().getAttribute("roleObject")).getIdEnterprise() + "e");
        } else {
            System.out.println("Problem");
        }
    }
}

	
A system exception occurred during an invocation on EJB AccessCach, method: public void com.ceit.detailor.back.api.v1.ejbs.cache.AccessCach.Login(java.lang.String,javax.servlet.http.HttpSession)

[SIZE=1]javax.ejb.EJBException at com.sun.ejb.containers.BaseContainer.processSystemException(BaseContainer.java:5215) at  
com.sun.ejb.containers.BaseContainer.completeNewTx(BaseContainer.java:5113) at  
com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:4901) at  
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2045) at  
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1994) at  
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:222) at  
com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)  
at com.sun.proxy.$Proxy552.Login(Unknown Source) at 
com.ceit.detailor.back.api.v1.ejbs.cache.__EJB31_Generated__AccessCach__Intf____Bean__.Login(Unknown 
Source) at com.ceit.detailor.back.api.v1.servletclient.ClientLogin.processRequest(ClientLogin.java:77) at 
com.ceit.detailor.back.api.v1.servletclient.ClientLogin.doPost(ClientLogin.java:175) at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:688) at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:770) at 
org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1542) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217) at 
com.ceit.detailor.back.api.v1.Filters.Access_Control_Filter.doFilter(Access_Control_Filter.java:57) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217) at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at 
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655) at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161) at 
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331) at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231) at 
com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317) at 
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195) at 
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849) at 
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746) at 
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228) at 
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) at 
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104) at 
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90) at 
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79) at 
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54) at 
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59) at 
com.sun.grizzly.ContextTask.run(ContextTask.java:71) at 
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532) at 
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513) at 
java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalStateException: PWC2776: invalidate: Session 
already invalidated at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1467) at 
org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:204) at 
com.ceit.detailor.back.api.v1.ejbs.cache.AccessCach.Login(AccessCach.java:39) at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1052) at 
org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1124) at 
com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:5388) at 
com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:619) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571) at 
org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:42) at 
sun.reflect.GeneratedMethodAccessor2392.invoke(Unknown Source) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:861) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571) at 
com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doAround(SystemInterceptorProxy.java:162) at 
com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:144) at 
sun.reflect.GeneratedMethodAccessor2396.invoke(Unknown Source) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:861) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:370) at 
com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:5360) at 
com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:5348) at 
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:214) ... 36 
more[/SIZE]

	
StandardWrapperValve[ClientLogin]: PWC1406: Servlet.service() for servlet ClientLogin threw exception 
javax.ejb.EJBException at com.sun.ejb.containers.BaseContainer.processSystemException(BaseContainer.java:5215) 
at com.sun.ejb.containers.BaseContainer.completeNewTx(BaseContainer.java:5113) at 
com.sun.ejb.containers.BaseContainer.postInvokeTx(BaseContainer.java:4901) at 
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2045) at 
com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1994) at 
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:222) at 
com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.j
ava:88) at com.sun.proxy.$Proxy552.Login(Unknown Source) at 
com.ceit.detailor.back.api.v1.ejbs.cache.__EJB31_Generated__AccessCach__Intf____Bean__.Login(Unknown 
Source) at com.ceit.detailor.back.api.v1.servletclient.ClientLogin.processRequest(ClientLogin.java:77) at 
com.ceit.detailor.back.api.v1.servletclient.ClientLogin.doPost(ClientLogin.java:175) at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:688) at 
javax.servlet.http.HttpServlet.service(HttpServlet.java:770) at 
org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1542) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217) at 
com.ceit.detailor.back.api.v1.Filters.Access_Control_Filter.doFilter(Access_Control_Filter.java:57) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217) at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at 
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655) at 
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161) at 
org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331) at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231) at 
com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317) at 
com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195) at 
com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849) at 
com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746) at 
com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045) at 
com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228) at 
com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137) at 
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104) at 
com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90) at 
com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79) at 
com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54) at 
com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59) at 
com.sun.grizzly.ContextTask.run(ContextTask.java:71) at 
com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532) at 
com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513) at 
java.lang.Thread.run(Thread.java:745) Caused by: java.lang.IllegalStateException: PWC2776: invalidate: Session 
already invalidated at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1467) at 
org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:204) at 
com.ceit.detailor.back.api.v1.ejbs.cache.AccessCach.Login(AccessCach.java:39) at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1052) at 
org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1124) at 
com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:5388) at 
com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:619) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571) at 
org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:42) at 
sun.reflect.GeneratedMethodAccessor2392.invoke(Unknown Source) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:861) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:571) at 
com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doAround(SystemInterceptorProxy.java:162) at 
com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:144) at 
sun.reflect.GeneratedMethodAccessor2396.invoke(Unknown Source) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at 
java.lang.reflect.Method.invoke(Method.java:606) at 
com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:861) at 
com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:800) at 
com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:370) at 
com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:5360) at 
com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:5348) at 
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:214) ... 36 
more

import java.util.ArrayList;
import java.util.concurrent.ConcurrentHashMap;
import javax.ejb.ConcurrencyManagement;
import javax.ejb.ConcurrencyManagementType;
import javax.ejb.Singleton;
import javax.ejb.LocalBean;

/**
 *
 * @author Dima
 */
@ConcurrencyManagement(ConcurrencyManagementType.CONTAINER)
@Singleton
@LocalBean

public class AccessCach {

    private ConcurrentHashMap<String, String> mapa = new ConcurrentHashMap<String, String>();
    ArrayList<String> keys = new ArrayList<String>();

    public String getValidSessionId(String idClient) {
        return mapa.get(idClient);
    }

    public void Login(String idClient, String session) {
        System.out.println("Method LOGIN: " + idClient + "," + session);
        mapa.put(idClient, session);
    }

    public void invalidateSession(String idClient) {
        System.out.println("Start destroy in cache");
        mapa.remove(idClient);

    }
}

import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.Singleton;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 *
 * @author Dima
 */
@Singleton
@LocalBean
@WebListener
public class AccessWebSessionListener implements HttpSessionListener {

    @EJB
    private AccessCach accessCach;

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        //throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        if (se.getSession().getAttribute("role") != null && se.getSession().getAttribute("role").equals("client")) {
            accessCach.invalidateSession(((ClientInfo) se.getSession().getAttribute("roleObject")).getIdClient() + "c");
            
        } else if (se.getSession().getAttribute("role") != null && se.getSession().getAttribute("role").equals("enterprise")) {
            accessCach.invalidateSession(((EnterpriseInfo) se.getSession().getAttribute("roleObject")).getIdEnterprise() + "e");
        } else {
            System.out.println("Problem");
        }
    }

}

@Stateless
@LocalBean
public class AccessValidator {

    @EJB
    private AccessCach accessCach;

    public boolean isValid(HttpServletRequest request, HttpServletResponse response, String idClient) {
        String value = accessCach.getValidSessionId(idClient);
        if (value != null && value.equals(request.getSession().getId())) {
            return true;

        } else {
            response.setStatus(401);
            request.getSession().invalidate();
            //-----дополнительные работы по сбору статистики
            return false;
        }
    }
}