Within a web application, you often need a state to create a session lifecycle. You may create a CDI named been with session scope, to keep track of some user data. Suppose, you have a JSF application. Assigned to your pages you might use named beans with request scope. If you need some session-wide info, you can use CDI:
@inject SessionBean mySessionBean
I moved an application which ran without known problems on GlassFish 3 to GlassFish 4. Everything worked fine, as long as I tested the app for myself. But using this app concurrent with other users, sometimes the app showed me a session timeout, could not restore a conversation or, in one case, showed me data of a concurrent user. It seemed, a SessionBean object of a different user had been injected to the request bean assigned to my request.
This issue might be in context with a memory leak of GlassFish in conjunction with Weld (CDI) . I didn’t check, whether this is a real cause, or if there is a different issue with the CDI implementation, but updating Weld to version 2.0.5 solved the problem. Or exactly: Since this update I could not reproduce this problem.
Usually, updating a module for GlassFish 4 is quite easy:
- Stop GlassFish domain
- Replace the module (jar file) in GlassFishHome/glassfish/modules
- Restart GlassFish domain
As the time of writing, you may also update JSF to version 2.2.5.
Because some posts exists for updating special modules (Weld , JSF ), I only described the general procedure for updating a module. And never forget to double-check whether your your updated environment is working as expected before going productive.
Read my Tutorial web development (with JSF).
Update: I recognized,  is not available sometimes. Try Weld Download at