This restore the previous behaviour which has been dropped by nexedi/erp5@63c3da2b

Because getSecurityManager().getUser() always returns "Anonymous User" when Base_getAutoLogoutSessionKey is called (from CookieCrumbler.modifyRequest), all users were sharing the same session which leads to user being all the time logged out.