When sending multiple continuous update requests to the session service, the validation fails sporadically. It appears to be failing when checking whether the values that are being set are valid options. The list of valid options will sometimes only be partially populated or not populated at all. This seems to be down to the cached attributes being midway through refreshing when the request is made and therefore the options are not done refreshing.
This could potentially cause problems in a dev-ops environment where update requests will be made in a similar manner.
In a quick test I added a ReentrantReadWriteLock on the AttributeSchemaImpl class, which seems to have solved the problem. This however needs a lot more testing.
The attached script was used to reproduce the error.