diff --git a/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/main/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilter.java b/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/main/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilter.java
index 3f802a6018..1a03365145 100644
--- a/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/main/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilter.java
+++ b/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/main/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilter.java
@@ -79,7 +79,8 @@ public class MachineLoginFilter implements Filter {
     // sets subject from session
     final Subject sessionSubject;
-    if (session != null && (sessionSubject = (Subject) session.getAttribute("principal")) != null) {
+    if (session != null
+        && (sessionSubject = (Subject) session.getAttribute("che_subject")) != null) {
       try {
         EnvironmentContext.getCurrent().setSubject(sessionSubject);
         chain.doFilter(request, response);
@@ -115,7 +116,7 @@ public class MachineLoginFilter implements Filter {
             false);
         EnvironmentContext.getCurrent().setSubject(subject);
         final HttpSession httpSession = httpRequest.getSession(true);
-        httpSession.setAttribute("principal", subject);
+        httpSession.setAttribute("che_subject", subject);
         chain.doFilter(request, response);
       } finally {
         EnvironmentContext.reset();
diff --git a/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/test/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilterTest.java b/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/test/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilterTest.java
index cdaa076632..f900c16b4d 100644
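Review bot: The session attribute name `"che_subject"` is written as a bare literal here and again in the -115 hunk below, the server-side MachineLoginFilter in this same commit repeats it twice more, and the test re-declares it as `SUBJECT`; a single `public static final String SUBJECT_ATTRIBUTE = "che_subject";` referenced by all three would keep the writer and the reader of the attribute in sync. A typo in any one of the four copies would still compile but would silently disable the session cache on that side, and the value read back is cast to `Subject` without an `instanceof` check. doFilter's body starts before and continues after both hunks.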
--- a/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/test/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilterTest.java
+++ b/multiuser/machine-auth/che-multiuser-machine-authentication-agent/src/test/java/org/eclipse/che/multiuser/machine/authentication/agent/MachineLoginFilterTest.java
@@ -59,7 +59,7 @@ public class MachineLoginFilterTest {
   private static final String SIGNATURE_ALGORITHM = "RSA";
   private static final String WORKSPACE_ID = "workspace31";
-  private static final String PRINCIPAL = "principal";
+  private static final String SUBJECT = "che_subject";
   private static final String USER_ID = "test_user31";
   private static final String USER_NAME = "test_user";
@@ -105,11 +105,11 @@ public class MachineLoginFilterTest {
   @Test
   public void testProcessRequestWithSubjectFromSession() throws Exception {
-    when(sessionMock.getAttribute(PRINCIPAL)).thenReturn(subject);
+    when(sessionMock.getAttribute(SUBJECT)).thenReturn(subject);
     machineLoginFilter.doFilter(getRequestMock(sessionMock, machineToken), responseMock, chainMock);
-    verify(sessionMock).getAttribute(PRINCIPAL);
+    verify(sessionMock).getAttribute(SUBJECT);
     verifyZeroInteractions(tokenExtractorMock);
   }
@@ -129,7 +129,7 @@ public class MachineLoginFilterTest {
     machineLoginFilter.doFilter(getRequestMock(null, machineToken), responseMock, chainMock);
     verify(tokenExtractorMock).getToken(any(HttpServletRequest.class));
-    verify(sessionMock).setAttribute(PRINCIPAL, subject);
+    verify(sessionMock).setAttribute(SUBJECT, subject);
     verifyZeroInteractions(responseMock);
   }
diff --git a/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineLoginFilter.java b/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineLoginFilter.java
index 26c0d1a52e..c074f715ea 100644
--- a/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineLoginFilter.java
+++ b/multiuser/machine-auth/che-multiuser-machine-authentication/src/main/java/org/eclipse/che/multiuser/machine/authentication/server/MachineLoginFilter.java
@@ -33,6 +33,7 @@ import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import org.eclipse.che.api.core.NotFoundException;
 import org.eclipse.che.api.core.ServerException;
 import org.eclipse.che.api.user.server.UserManager;
@@ -83,21 +84,24 @@ public class MachineLoginFilter implements Filter {
       }
       // check token signature and verify is this token machine or not
       try {
-        final Claims claims = jwtParser.parseClaimsJws(token).getBody();
+        HttpSession session = ((HttpServletRequest) request).getSession(true);
+        Subject sessionSubject = (Subject) session.getAttribute("che_subject");
+        if (sessionSubject == null || !sessionSubject.getToken().equals(token)) {
+          try {
+            sessionSubject = extractSubject(token);
+            session.setAttribute("che_subject", sessionSubject);
+          } catch (NotFoundException e) {
+            sendErr(
+                response,
+                SC_UNAUTHORIZED,
+                "Authentication with machine token failed because user for this token no longer exist.");
+            return;
+          }
+        }
+
         try {
-          final String userId = claims.get(USER_ID_CLAIM, String.class);
-          // check if user with such id exists
-          final String userName = userManager.getById(userId).getName();
-          final Subject authorizedSubject =
-              new AuthorizedSubject(
-                  new SubjectImpl(userName, userId, token, false), permissionChecker);
-          EnvironmentContext.getCurrent().setSubject(authorizedSubject);
-          chain.doFilter(addUserInRequest(httpRequest, authorizedSubject), response);
-        } catch (NotFoundException ex) {
-          sendErr(
-              response,
-              SC_UNAUTHORIZED,
-              "Authentication with machine token failed because user for this token no longer exist.");
+          EnvironmentContext.getCurrent().setSubject(sessionSubject);
+          chain.doFilter(addUserInRequest(httpRequest, sessionSubject), response);
         } finally {
           EnvironmentContext.reset();
         }
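Review bot: Once a Subject has been cached in the session, a request is accepted purely on `sessionSubject.getToken().equals(token)`, so the JWT signature, its expiration (if the machine tokens carry an `exp` claim — not visible here) and the user's continued existence are re-checked only on a cache miss; an expired or revoked token keeps working until the HTTP session itself expires. At minimum that trade-off deserves a comment on the `if`, e.g. `// cached subject is trusted for the session lifetime; token expiry and user deletion are re-validated only on a miss`, and if tokens do expire the cache should remember the expiration and fall through to extractSubject once it has passed. Two smaller points on the same lines: `getSession(true)` allocates a server-side session before the token has been verified at all, so using `getSession(false)` for the lookup and `getSession(true)` only on the miss path would avoid creating sessions for rejected tokens, and writing the comparison as `!token.equals(sessionSubject.getToken())` guards against a cached subject whose token is null, assuming the check above the hunk already rejected a null `token`. The `((HttpServletRequest) request)` cast is also redundant, since `httpRequest` is already in scope for the `addUserInRequest` call. doFilter starts and ends outside this hunk.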
@@ -112,6 +116,16 @@ public class MachineLoginFilter implements Filter {
     }
   }
+  private Subject extractSubject(String token) throws NotFoundException, ServerException {
+    final Claims claims = jwtParser.parseClaimsJws(token).getBody();
+    final String userId = claims.get(USER_ID_CLAIM, String.class);
+    // check if user with such id exists
+    final String userName = userManager.getById(userId).getName();
+
+    return new AuthorizedSubject(
+        new SubjectImpl(userName, userId, token, false), permissionChecker);
+  }
+
   /** Sets given error code with err message into give response. */
   private static void sendErr(ServletResponse res, int errCode, String msg) throws IOException {
     final HttpServletResponse response = (HttpServletResponse) res;
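Review bot: `extractSubject` has no Javadoc although it is now the only place the token is actually verified: `parseClaimsJws` throws an unchecked JwtException on a bad signature (and on expiry, when an `exp` claim is present), `getById` throws NotFoundException when the user is gone, and ServerException is declared but is not caught by the caller's new catch block, so it must be handled further up in doFilter (outside the hunk). A Javadoc stating that the method verifies the token's signature, resolves its user and builds the authorized subject, with `@throws` entries for NotFoundException, ServerException and the unchecked JwtException, would make that contract explicit to the caller. The unexplained `false` argument to `SubjectImpl` would also benefit from a short comment naming what it means. sendErr's body continues past the hunk.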