Spring Security RequestedUrlRedirectInvalidSessionStrategy doesn't take servlet context path into account

Describe the bug When using RequestedUrlRedirectInvalidSessionStrategy as the invalid session strategy within the session management of the security filter chain, with a non-empty servlet context path configured, the context path is duplicated in the redirect URLs. For example, if the context path is "/app" and the requested URI is "/app/requested", then the redirect URL becomes "/app/app/requested".

To Reproduce Configure a non-empty context path such as "/app". Set an instance of RequestedUrlRedirectInvalidSessionStrategy as the invalid session strategy in the security filter chain. Access the app at "http://localhost:8080/app/requested" with an invalid session ID. Get redirected to "/app/app/requested".

Expected behavior The redirect should not duplicate the context path segments. It should be the same as the request URI, "/app/requested".

Sample

https://github.com/spring-projects/spring-security/compare/5.7.x...mches:spring-security:gh-12795