The last few week/months all our Jenkins users experience very a very slow web GUI after some time.
- In a clean browser (no cache, cookies) Jenkins is very fast
- After some time (workday - 8 hours of active Jenkins use), Jenkins GUI starts to slow down:
Loading jobs takes 10+ seconds, loading of static resources are very long pending etc.
Jenkins just isn't workable for users at that time.
- Logging out + in again does not fix it for that user.
- Removing the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE cookie fixes everything for that user and makes Jenkins blazing fast again.
So, what happens with the ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE?
Why does it cause the slowness after hours of use?
SECURITY-901 / CVE-2019-1003004 in Jenkins 2.150.2 introduced a security fix, but with a side effect that after some time (hours) the Jenkins GUI for that user starts to slow down to a crawl.