Currently disabling encoding the session id is built into the HttpSessionSecurityContextRepository. We should decouple this by creating a DisableEncodeUrlFilter.
Currently disabling encoding the session id is built into the HttpSessionSecurityContextRepository. We should decouple this by creating a DisableEncodeUrlFilter.