This PR removes the LoginContext instance from the GenericPrincipal, which is being stored in the current session. Not only because the LoginContext contains sensitive information like the password used to authenticate the user but also because it is neither needed by the ServletEngine nor by the application.
This PR removes the LoginContext instance from the GenericPrincipal, which is being stored in the current session. Not only because the LoginContext contains sensitive information like the password used to authenticate the user but also because it is neither needed by the ServletEngine nor by the application.