The last few week/months all our Jenkins users experience very a very slow web GUI after some time. 

Situation:

• In a clean browser (no cache, cookies) Jenkins is very fast
• After some time (workday - 8 hours of active Jenkins use), Jenkins GUI starts to slow down:
  Loading jobs takes 10+ seconds, loading of static resources are very long pending etc.
  Jenkins just isn't workable for users at that time.
• Logging out + in again does not fix it for that user.
• Removing the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie fixes everything for that user and makes Jenkins blazing fast again.

 So, what happens with the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE? 
Why does it cause the slowness after hours of use?

 [update]

 SECURITY-901 / CVE-2019-1003004 in Jenkins 2.150.2 introduced a security fix, but with a side effect that after some time (hours) the Jenkins GUI for that user starts to slow down to a crawl.