Index: src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java
===================================================================
--- src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java	(revision 15599)
+++ src/main/java/com/xpn/xwiki/user/impl/xwiki/XWikiAuthServiceImpl.java	(working copy)
@@ -195,9 +195,6 @@
 
         XWikiAuthenticator auth = getAuthenticator(context);
         SecurityRequestWrapper wrappedRequest = new SecurityRequestWrapper(request, null, null, auth.getAuthMethod());
-        // We need to make we will not user the principal
-        // associated with the app server session
-        wrappedRequest.setUserPrincipal(null);
 
         try {
             if (auth.processLogin(wrappedRequest, response, context)) {
Index: src/main/java/com/xpn/xwiki/user/impl/xwiki/MyFormAuthenticator.java
===================================================================
--- src/main/java/com/xpn/xwiki/user/impl/xwiki/MyFormAuthenticator.java	(revision 15599)
+++ src/main/java/com/xpn/xwiki/user/impl/xwiki/MyFormAuthenticator.java	(working copy)
@@ -126,16 +126,20 @@
                 convertUsername(this.persistentLoginManager.getRememberedUsername(request, response), context);
             String password = this.persistentLoginManager.getRememberedPassword(request, response);
 
-            Principal principal = authenticate(username, password, context);
+            Principal principal = request.getUserPrincipal();
+
+            if (principal == null || context.getWiki().ParamAsLong("xwiki.authentication.always", 0) == 1) {
+                principal = authenticate(username, password, context);
 
-            if (principal != null) {
-                if (log.isDebugEnabled()) {
-                    log.debug("User " + principal.getName() + " has been authentified from cookie");
+                if (principal != null) {
+                    if (log.isDebugEnabled()) {
+                        log.debug("User " + principal.getName() + " has been authentified from cookie");
+                    }
+                    request.setUserPrincipal(principal);
+                } else if (username != null || password != null) {
+                    // failed authentication with remembered login, better forget login now
+                    this.persistentLoginManager.forgetLogin(request, response);
                 }
-                request.setUserPrincipal(principal);
-            } else if (username != null || password != null) {
-                // failed authentication with remembered login, better forget login now
-                this.persistentLoginManager.forgetLogin(request, response);
             }
         }