Spring Security CookieRequestCache handles URL encoded query parameters incorrectly

Describe the bug CookieRequestCache is used to save a request which contains an URL encoded query parameter. After restoring the saved request the request contains two values for this query parameter, the URL encoded and decoded form. If HttpSessionRequestCache is used, the query parameter is only present once, in decoded form.

Tested with Spring-Security 5.4.1.

To Reproduce 1. Run the sample project 2. Visit the url: http://localhost:8080/?goto=https%3A%2F%2Fstart.spring.io 3. The output is: https://start.spring.io,https%3A%2F%2Fstart.spring.io

Optional steps to see the difference to HttpSessionRequestCache: 4. Change the used RequestCache in RequestCacheConfiguration to HttpSessionRequestCache (in the sample project) 5. Visit the url from step 2 6. The output is: https://start.spring.io

Expected behavior The query parameter should only be present in decoded form. Therefore the output in step 3 should be https://start.spring.io.

Sample demo.zip

Comment From: eleftherias

Thanks for the detailed report @mengelbrecht! This is fixed in 7f482ed and I will be backporting it to the 5.4.x branch as well.