The fix allows to explicitly disable automatic page refreshes in the @view extensions.
Resolves https://issues.jenkins-ci.org/browse/JENKINS-21190Signed-off-by: NOleg Nenashev <o.v.nenashev@gmail.com>

1 - Link to user's ID, which is properly escaped.
2 - Display user's full name if possible, otherwise their ID.

This should aid theme developers in developing plugins for Jenkins by adding
CSS classes and ID's to the dom. Developers can then use these to more
specifically target elements that they want.

For example, the "Console Output" was a raw <pre> tag embedded in a <table>.
Styling it required CSS like so:

    #main-panel > pre {

Sadly this will apply to any <pre> elements nested directly under the
"#main-panel" ID; there's no way to get more specific to the console output.

With this change you can style the console output by writing:

    .console-output {

Which is much more direct (and more efficient for browsers to render).

A similar treatment is applied to a number of elements in the jenkins UI.

The exception handler ended up adding almost all the headers again,
resulting in a lot of duplicate headers.

Most critically, stapler was adding "Content-Encoding" header twice,
breaking browsers.

Reverting to head for layout.jelly, and adding the default `has-default-text` back into the search box

Taking out the `defaulted` js logic with the search-box, and embracing CSS3's 'placeholder' attribute.
Prettying up the search box

Observations:

- When marked inside, moving the mouse to <A> and clicking the context menu becomes easier,
  because you can move the mouse toward the hot spot area and it'll activate.
  Otherwise you have to move the mouse over to <A>, then move the mouse on the side, click it,
  then click the menu, which adds cognitive stress.

- Marking model link as inside creates an empty space to the right of <A>, which looks
  odd if hyperlinks appear inline or if some other text follows it.

Given that, my guiding principle for this change is:

- any model link that is the last child of a block element gets marked as inside
- I've adjust a few text to get rid of the single-letter training text after a model link,
  like "(#3)" to "- #3"
- If another inline element follows a model link, leave it as is.
  This does create an ugly overlap.

This prevents one pixel height difference between the logo and the title
bar background.

This reverts commit c8e5cb93.

This value changes every time Jenkins starts, which allows HTTP clients to reliably wait for Jenkins restart.

It uses Diffie Hellman to come up with one-time session key, then have
the server sign this session key to allow the client to verify that
there's no man in the middle.

If a resource with 'Set-Cookie' header is cached (either by intermediary
like HTTP proxy and reverse proxy, or by the browser), it'll cause
identity swap / session mix-up as discussed in this ticket.

I suspect this was caused by HttpSessionContextIntegrationFilter2, which
is the only code path that attempts to create a session when a request
to a static resource is made.

So I'm disabling the creation of session in
HttpSessionContextIntegrationFilter2. This in turn requires that we
have sessions already created when the authentication was successful and
people need to login (or else the login will have no effect.)

We already do so in layout.jelly, so any request that renders a Jenkins
page would have a session, but I've also added it in
AuthenticationProcessingFilter2, which ensures that a successful login
does have a session.

This is useful for adding in-page navigation in a large page.

workaround.

    
There's already a plugin[1] which enables support for this, and it also
provides more configuration options. The user may not want to code the
'chrome=1' and thereby force CF for all installations. Also, the plugin
allows the install to send the CFInstall javascript launcher.
    
[1] https://wiki.jenkins-ci.org/display/JENKINS/Chrome+Frame+Plugin