Endless Loop on URLs with ; and ? in querystring

Created by: wlet

Hi,

I noticed the following behavior. If an URI contains a ; and a jsessionid plus a querystring starting with a ? and the sessionid changes on every request (like on Login-Pages) this leads to an endless loop.

Steps to reproduce:

1. have a site with a Loginform and a url like this: http://example.com/blah/;jsessionid=abc?somevar=blah123
2. enter some wrong login-cred and you get a new session and a new token like this: http://example.com/blah/;jsessionid=efg?somevar=blubb456

shoot against that page with arachni and arachni detects for every response to each newly submitted form as a new page (because of the new jsessionid) and will end up in an endless loop.

Expected behaviour: arachni detects the newly generated sessionid and handles the page as already scanned.