I realized that when user is accessing a page when it is not logged in, the first thing that is happening is JSF lifecycle due to the error in SeamSecurityFilter:
if (!checkSecurityConstraints(hRequest.getServletPath(), hRequest.getMethod(), ident)) hResponse.sendRedirect(String.format("%s%s", hRequest.getContextPath(), config.getSecurityErrorPage())); chain.doFilter(request, response);
if (!checkSecurityConstraints(hRequest.getServletPath(), hRequest.getMethod(), ident)) hResponse.sendRedirect(String.format("%s%s", hRequest.getContextPath(), config.getSecurityErrorPage())); else chain.doFilter(request, response);
Fixed in CVS, thanks.