Description
Describe the bug
When using RequestedUrlRedirectInvalidSessionStrategy as the invalid session strategy within the session management of the security filter chain, with a non-empty servlet context path configured, the context path is duplicated in the redirect URLs. For example, if the context path is "/app" and the requested URI is "/app/requested", then the redirect URL becomes "/app/app/requested".
To Reproduce
Configure a non-empty context path such as "/app". Set an instance of RequestedUrlRedirectInvalidSessionStrategy as the invalid session strategy in the security filter chain. Access the app at "http://localhost:8080/app/requested" with an invalid session ID. Get redirected to "/app/app/requested".
Expected behavior
The redirect should not duplicate the context path segments. It should be the same as the request URI, "/app/requested".
Sample
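The scenario in this report written as a unit test. This is an added illustration, not the reporter's sample and not Spring Security's own test code. It assumes JUnit 5, spring-test and a Jakarta-based Spring Security version on the classpath; the test class name, helper names and session ID value are hypothetical. The first assertion encodes the expected behavior stated above, so on an affected version it fails with "/app/app/requested".

```java
import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.web.session.RequestedUrlRedirectInvalidSessionStrategy;

// Hypothetical test class; not part of the original report.
class InvalidSessionRedirectContextPathTest {

    // Builds a constructed request that carries a session ID the container no longer knows.
    private static MockHttpServletRequest request(String contextPath, String requestUri) {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
        request.setContextPath(contextPath);
        request.setRequestedSessionId("stale-session-id"); // constructed value
        request.setRequestedSessionIdValid(false);
        return request;
    }

    // Runs the strategy with its default settings and returns the Location it sent.
    private static String redirectFor(String contextPath, String requestUri) throws Exception {
        MockHttpServletResponse response = new MockHttpServletResponse();
        new RequestedUrlRedirectInvalidSessionStrategy()
                .onInvalidSessionDetected(request(contextPath, requestUri), response);
        return response.getRedirectedUrl();
    }

    @Test
    void nonEmptyContextPathIsNotDuplicated() throws Exception {
        // Expected behavior from the report: same as the request URI.
        assertEquals("/app/requested", redirectFor("/app", "/app/requested"));
    }

    @Test
    void rootContextPathRedirectsToRequestUri() throws Exception {
        // Control case: with an empty context path there is nothing to duplicate.
        assertEquals("/requested", redirectFor("", "/requested"));
    }
}
```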