Affects: v5.2.9 (and probably v5.3.0)

In our project, we setup the UrlPathHelper to not remove semicolon content, because we want to use matrix variables. Until and including v5.2.8, the jsessionid parameter was still removed from URLs. The parameter is injected into the URL by servlet containers if cookies cannot be used for session tracking (e.g. because the client doesn't accept cookies) or if the server was configured explicitly to use the URL for session tracking.

Starting with v5.2.9, the parameter is not removed anymore, which breaks our request mappings: For example a request to /data;jsessionId=1234 cannot be mapped to the endpoint with the @RequestMapping("/data") because of the additional jsessionid parameter and the result is an HTTP status 404 (Not Found).

The change was introduced with commit 899761f0a8890353dc01f10d2af96ae192f3e655 where the removeJsessionid() method was removed without (obvious) replacement.

Thx for your help to make the request mappings work again.

Comment From: rstoyanchev

The commit was meant to be self-sufficient with jsessionId simply ignored later when injecting @MatrixVariable values but it also impacts mappings for methods that don't expect any such parameters and so it is a regression.

As a workaround in the mean time probably best to insert your own UrlPathHelper and override removeSemicolonContent.

Comment From: jkissel

As a workaround in the mean time probably best to insert your own UrlPathHelper and override removeSemicolonContent.

Makes sense :+1: And thank you for the quick fix.