I had a similar issue when I began creating a web service in Seam. For me it turned out to be a problem with my client application and not the web service itself. My client application is written in .NET and by default it does not maintaing cookies for web services. As soon as I turned on cookie support I was able to keep my identity logged in between web service calls. This sounds like what is happening in your case. Since the session id cookie is not getting passed back to the web service on the second call, it can't figure out which user you are and assumes you are a new user instead.