Spring UrlPathHelper#removeJsessionid doesn't remove the jsessionid from the URL

Affects: v5.2.10

---

The fix for issue 25864 re-introduced the UrlPathHelper#removeJsessionid method which should fix broken request mappings when the jsessionid is included in the request URI and removeSemicolonContent is turned off.

Unfortunately it doesn't work: It doesn't remove the jsessionid from a URI like /test;jsessionid=12345, i.e. the result of removeJsessionid("/test;jsessionid=12345") is the input string. With v5.2.8 it's /test, which is correct.

Thx for your help to make the request mappings work again.

Comment From: jhoeller

@rstoyanchev Looks like we need to revisit this once more... If such an issue remains, let's try to fix it for good in our December round of releases.

Comment From: rstoyanchev

@jkissel I don't understand what the issue is. We have a test that shows the correct behavior. Can you clarify?

Comment From: jkissel

I'm sorry, my example was too contrived. I checked myself: The length of the path before the ;jsessionid is the problem, so for example removeJsessionid("/aaaaaaaaaaa;jsessionid=12345") doesn't work.

I think the loop initializer is probably wrong: Instead of key.length() it should be index + key.length().

  private String removeJsessionid(String requestUri) {
    String key = ";jsessionid=";
    int index = requestUri.toLowerCase().indexOf(key);
    if (index == -1) {
      return requestUri;
    } else {
      String start = requestUri.substring(0, index);

      for(int i = index + key.length(); i < requestUri.length(); ++i) {
        char c = requestUri.charAt(i);
        if (c == ';' || c == '/') {
          return start + requestUri.substring(i);
        }
      }

      return start;
    }
  }