The current JCR Session.impersonate() logic implemented in HippoLoginModule has a peculiar twist when impersonating another user through a System session (having the SystemPrincipal).
In that case, the SystemPrincipal is always added/set in the new session, resulting in the impersonated session again becoming a System session. Effectively a System session cannot be used to 'downgrade' to a different/user session right now.
While this can be considered a bug, fixing it 'proper' results in backwards incompatible behavior, if specific usages now expect/depend on this.
Some of these usages indeed exists in the core of Hippo CMS itself, like in the SCXML Document Workflow definition, expecting a "system" session to be used to executed scheduled workflow jobs.
For backwards compatibility therefore an intermediate solution will be provided as a workaround instead, while the proper fix will be done through a separate issue for the next major version.
The workaround to allow a System session to impersonate another user without becoming a System session again is provided through a new (and deprecated!) HippoSession.NO_SYSTEM_IMPERSONATION attribute name, which can be set on the SimpleCredentials parameter for the Session.impersonate() call like this:
The HippoSession.NO_SYSTEM_IMPERSONATION attribute is defined as follows: