Spring Security CookieRequestCache ignores user Locale

Describe the bug When using a CookieRequestCache, the first request after authentication is served using the platform's default Locale instead of the user's.

To Reproduce See sample app. Navigate directly to http://localhost:8080/some-home (log in with user:{generated-uuid}), the first request after authentication is served using the platform's default (in my case en-US) instead of fr-FR which my browser's asked. When refreshing, navigating, etc. after, all requests are served in french, respecting my Accept-Language header.

Expected behavior The first request after authentication should respect the user's language preference.

Sample saved-request-locale-bug.zip I have included 2 HAR files, one using the native CookieRequestCache and one using a fixed CookieRequestCache where the Locale is set in the created SavedRequest. It seems CookieRequestCache is only missing the line builder.setLocales(Collections.list(request.getLocales())); at line 77 (spring-security 6.1.1).

Comment From: marcusdacoregio

Thanks for the report @ArnaudLec, this is now fixed in 5.8.x, 6.0.x, 6.1.x and main