Keep Coding

After migration from Spring Security 4.0.x to Spring Security 4.1.0.RELEASE i cannot restore SecurityContext from session because of different serialVersionUID.
public class SecurityContextImpl implements SecurityContext {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
...
}
exception:
Exception while loading session data
java.lang.RuntimeException: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:58)
at com.google.apphosting.runtime.DatastoreSessionStore.createSessionFromEntity(DatastoreSessionStore.java:58)
at com.google.apphosting.runtime.DatastoreSessionStore.getSession(DatastoreSessionStore.java:85)
at com.google.apphosting.runtime.jetty.SessionManager.loadSession(SessionManager.java:330)
at com.google.apphosting.runtime.jetty.SessionManager.getSession(SessionManager.java:303)
at org.mortbay.jetty.servlet.AbstractSessionManager.getHttpSession(AbstractSessionManager.java:237)
at org.mortbay.jetty.servlet.SessionHandler.setRequestedId(SessionHandler.java:246)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:136)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:260)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:78)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:148)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:468)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:439)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:446)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:256)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:310)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:302)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:443)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:235)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.InvalidClassException: org.springframework.security.core.context.SecurityContextImpl; local class incompatible: stream classdesc serialVersionUID = 400, local class serialVersionUID = 410
at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:617)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1746)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1630)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1907)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
at java.util.HashMap.readObject(HashMap.java:1182)
at sun.reflect.GeneratedMethodAccessor65.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:1017)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:2040)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1936)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1462)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:417)
at com.google.apphosting.runtime.SessionManagerUtil.deserialize(SessionManagerUtil.java:56)
... 26 more

I encountered the same issue. For my case, it was due to the XML schema version of web security configuration.
It was
http://www.springframework.org/schema/security/spring-security-4.0.xsd
It was fixed after I set it to
http://www.springframework.org/schema/security/spring-security-4.1.xsd

You cannot restore those sessions given the Spring security update, as suggested by M. Deinum. They must be cleared to begin using sessions properly again. You can do this, as Igor suggested, by deleting _ah_SESSION entities in the Datastore.