Security context in session grows with each load
Since the latest changes to security it seems something goes wrong with object serialization to the session. It grows exponentially with each page load until the memory limit is hit.
Reproducible by logging in and calling the same page again and again... Even failing login tries have that effect.