diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index e75914fa4b..e07fc12de0 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -158,12 +158,6 @@ public final class OAuth2ResourceServerConfigurer
 exceptionHandling = http .getConfigurer(ExceptionHandlingConfigurer.class);
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
index a50e123acf..2863a31241 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java
@@ -115,6 +115,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
@@ -525,7 +526,7 @@ public class OAuth2ResourceServerConfigurerTests {
 }
 @Test
- public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsNotCreated()
+ public void requestWhenUsingDefaultsAndNoBearerTokenThenSessionIsCreated()
 throws Exception {
 this.spring.register(DefaultConfig.class, BasicController.class).autowire();
@@ -534,7 +535,7 @@ public class OAuth2ResourceServerConfigurerTests {
 .andExpect(status().isUnauthorized())
 .andReturn();
- assertThat(result.getRequest().getSession(false)).isNull();
+ assertThat(result.getRequest().getSession(false)).isNotNull();
 }
 @Test
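Review bot: The flipped assertion `assertThat(result.getRequest().getSession(false)).isNotNull();` now pins that an unauthenticated request carrying no bearer token leaves an HTTP session behind under DefaultConfig, which is the surprising direction for a token-based resource server, and neither the renamed method nor its body says why. The reason presumably lives in the removed lines of the OAuth2ResourceServerConfigurer hunk, which are truncated in this view, so this test is the only place a reader will see the intent; a comment above the assertion such as `// no bearer token: the resource server does not handle this request, so the default session policy applies` would make the expectation self-explanatory — confirm the wording against the main-source change. The test method straddles the hunks at 525 and 534 and the perform() call between them is not shown.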
@@ -971,6 +972,32 @@ public class OAuth2ResourceServerConfigurerTests {
 .andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")));
 }
+ @Test
+ public void requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest()
+ throws Exception {
+
+ this.spring.register(FormAndResourceServerConfig.class, JwtDecoderConfig.class).autowire();
+
+ JwtDecoder decoder = this.spring.getContext().getBean(JwtDecoder.class);
+ when(decoder.decode(anyString())).thenThrow(JwtException.class);
+
+ MvcResult result =
+ this.mvc.perform(get("/authenticated"))
+ .andExpect(status().isFound())
+ .andExpect(redirectedUrl("http://localhost/login"))
+ .andReturn();
+
+ assertThat(result.getRequest().getSession(false)).isNotNull();
+
+ result =
+ this.mvc.perform(get("/authenticated")
+ .with(bearerToken("token")))
+ .andExpect(status().isUnauthorized())
+ .andReturn();
+
+ assertThat(result.getRequest().getSession(false)).isNull();
+ }
+
 @Test
 public void requestWhenDefaultAndResourceServerAccessDeniedHandlersThenMatchedByRequest()
 throws Exception {
@@ -1260,6 +1287,27 @@ public class OAuth2ResourceServerConfigurerTests {
 }
 }
+ @EnableWebSecurity
+ static class FormAndResourceServerConfig extends WebSecurityConfigurerAdapter {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .authorizeRequests()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .and()
+ .oauth2ResourceServer()
+ .jwt();
+ }
+
+ @Bean
+ JwtDecoder jwtDecoder() {
+ return mock(JwtDecoder.class);
+ }
+ }
+
 @EnableWebSecurity
 static class JwtHalfConfiguredConfig extends WebSecurityConfigurerAdapter {
 @Override
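Review bot: The second request in requestWhenFormLoginAndResourceServerEntryPointsThenSessionCreatedByRequest asserts only `status().isUnauthorized()` and a null session, so it does not prove that the bearer-token entry point, rather than some other 401 path, handled the request, which is the distinction the test name claims. Adding `.andExpect(header().string(HttpHeaders.WWW_AUTHENTICATE, startsWith("Bearer")))` after the `isUnauthorized()` expectation, as the test in this hunk's leading context already does, pins the entry point directly. Reusing `result` for two unrelated requests also reads worse than two locals such as `formLoginResult` and `bearerResult`, and the final null-session assertion would be clearer with a note on what it protects, e.g. `// a request carrying a bearer token must stay stateless: no session on the 401 path`.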
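Review bot: FormAndResourceServerConfig declares its own `@Bean JwtDecoder jwtDecoder()` while the test that uses it also registers JwtDecoderConfig; if JwtDecoderConfig contributes a JwtDecoder as well (its body is not in this diff), `getBean(JwtDecoder.class)` depends on bean-definition overriding to resolve to a single mock, and one of the two definitions is redundant. Dropping the inline bean and relying on JwtDecoderConfig, or registering only FormAndResourceServerConfig, would remove the ambiguity. The `// @formatter:off` marker in configure() is also never paired with `// @formatter:on`, so formatting stays disabled from that point until some later marker re-enables it; add `// @formatter:on` after `.jwt();`.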