I was prototyping some code around session management in Jenkins with Jetty's standard HashSessionManager. This session manager tries to serialize sessions and their attributes to disk. In Jetty all session attributes are supposed to be serializable, especially if they declare the Serializable interface.
Jenkins core does not support clustering and thus serialization is widely disabled in the core. But Stapler should not use Jetty session attributes to store such metadata anyway. In my case it causes massive failures if I change the Jetty session manager from the default one to one which really performs session serialization (e.g. HashSessionManager).
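
The failure mode described above can be checked before switching session managers by dry-run serializing every session attribute. The sketch below is an added example, not part of the original report and not Jenkins, Stapler or Jetty code. It assumes a plain `Map` standing in for the attributes of an `HttpSession`; `FrameworkMetadata` and `findUnserializable` are hypothetical names.

```java
import java.io.*;
import java.util.*;

public class SessionAttributeCheck {
    // Hypothetical stand-in for framework metadata kept in the session:
    // it declares Serializable but holds a field that is not serializable.
    static class FrameworkMetadata implements Serializable {
        private static final long serialVersionUID = 1L;
        final Thread owner = Thread.currentThread(); // Thread is not Serializable
    }

    /** Maps each attribute name a persisting session manager could not write to the reason. */
    static Map<String, String> findUnserializable(Map<String, Object> attributes) {
        Map<String, String> failures = new LinkedHashMap<>();
        for (Map.Entry<String, Object> e : attributes.entrySet()) {
            Object value = e.getValue();
            if (value == null) continue;
            if (!(value instanceof Serializable)) {
                failures.put(e.getKey(),
                        "does not implement Serializable: " + value.getClass().getName());
                continue;
            }
            // Declaring Serializable is not enough: the whole object graph must be
            // writable, so attempt the write into a throwaway buffer.
            try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
                out.writeObject(value);
            } catch (IOException ex) { // includes NotSerializableException
                failures.put(e.getKey(), ex.toString());
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        // Constructed sample attributes, not taken from a real Jenkins session.
        Map<String, Object> attrs = new LinkedHashMap<>();
        attrs.put("username", "alice");
        attrs.put("frameworkMetadata", new FrameworkMetadata());
        attrs.put("lock", new Object());
        findUnserializable(attrs).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```

In a servlet container the same check can be fed from `HttpSession.getAttributeNames()` and `getAttribute(name)`.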