Forgot to commit this crucial change. That means the fix for this bug is...

Forgot to commit this crucial change. That means the fix for this bug is actually in 1.205  (issue #1482)


git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@8301 71c3de6d-444a-0410-be80-ed276b4c234a

war/resources/WEB-INF/security/SecurityFilters.groovy

@@ -9,13 +9,13 @@ import hudson.security.BasicAuthenticationFilter
 import hudson.security.ChainedServletFilter
 import hudson.security.LegacyAuthenticationProcessingFilterEntryPoint
 import hudson.security.UnwrapSecurityExceptionFilter
-import org.acegisecurity.context.HttpSessionContextIntegrationFilter
 import org.acegisecurity.providers.anonymous.AnonymousProcessingFilter
 import org.acegisecurity.ui.ExceptionTranslationFilter
 import org.acegisecurity.ui.basicauth.BasicProcessingFilter
 import org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint
 import org.acegisecurity.ui.rememberme.RememberMeProcessingFilter
 import org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint
+import hudson.security.HttpSessionContextIntegrationFilter2
 
 // providers that apply to both patterns
 def commonProviders(entryPointClass,redirectUrl) {
@@ -37,7 +37,7 @@ def commonProviders(entryPointClass,redirectUrl) {
 filter(ChainedServletFilter) {
     filters = [
         // this persists the authentication across requests by using session
-        bean(HttpSessionContextIntegrationFilter) {
+        bean(HttpSessionContextIntegrationFilter2) {
         },
         // allow clients to submit basic authentication credential
         bean(BasicProcessingFilter) {