diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
index 1afefeba743..c24000f943b 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/CookieRequestCache.java
@@ -17,7 +17,6 @@
 package org.springframework.security.web.savedrequest;
 import java.util.Base64;
-import java.util.HashMap;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -79,11 +78,6 @@ public SavedRequest getRequest(HttpServletRequest request, HttpServletResponse r
 DefaultSavedRequest.Builder builder = new DefaultSavedRequest.Builder();
 int port = getPort(uriComponents);
 MultiValueMap queryParams = uriComponents.getQueryParams();
- if (!queryParams.isEmpty()) {
- HashMap parameters = new HashMap<>(queryParams.size());
- queryParams.forEach((key, value) -> parameters.put(key, value.toArray(new String[] {})));
- builder.setParameters(parameters);
- }
 return builder.setScheme(uriComponents.getScheme()).setServerName(uriComponents.getHost())
 .setRequestURI(uriComponents.getPath()).setQueryString(uriComponents.getQuery()).setServerPort(port)
 .setMethod(request.getMethod()).build();
diff --git a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
index 9572f9e012b..c3bb91500c0 100644
--- a/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
+++ b/web/src/test/java/org/springframework/security/web/savedrequest/CookieRequestCacheTests.java
@@ -153,6 +153,25 @@ public void requestWhenDoesNotMatchSavedRequestThenDoesNotClearCookie() {
 assertThat(expiredCookie).isNull();
 }
+ @Test
+ public void matchingRequestWhenUrlEncodedQueryParametersThenDoesNotDuplicate() {
+ CookieRequestCache cookieRequestCache = new CookieRequestCache();
+ MockHttpServletRequest request = new MockHttpServletRequest();
+ request.setServerPort(443);
+ request.setSecure(true);
+ request.setScheme("https");
+ request.setServerName("abc.com");
+ request.setRequestURI("/destination");
+ request.setQueryString("goto=https%3A%2F%2Fstart.spring.io");
+ request.setParameter("goto", "https://start.spring.io");
+ String redirectUrl = "https://abc.com/destination?goto=https%3A%2F%2Fstart.spring.io";
+ request.setCookies(new Cookie(DEFAULT_COOKIE_NAME, encodeCookie(redirectUrl)));
+ MockHttpServletResponse response = new MockHttpServletResponse();
+ final HttpServletRequest matchingRequest = cookieRequestCache.getMatchingRequest(request, response);
+ assertThat(matchingRequest).isNotNull();
+ assertThat(matchingRequest.getParameterValues("goto")).containsExactly("https://start.spring.io");
+ }
+
 @Test
 public void removeRequestWhenInvokedThenSetsAnExpiredCookieOnResponse() {
 CookieRequestCache cookieRequestCache = new CookieRequestCache();
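Review bot: The added test `matchingRequestWhenUrlEncodedQueryParametersThenDoesNotDuplicate` pins only one single-valued key, so it would still pass if a repeated key were duplicated or dropped now that the saved request no longer carries its own parameter map. A second case using `request.setQueryString("a=1&a=2")` with `request.setParameter("a", "1", "2")` and asserting `containsExactly("1", "2")` would cover that. Because the saved-request cookie is sent by the client, a companion case where the cookie's URL carries a different `goto` value than the live request would document which side the returned parameters come from (presumably that yields no match, but the hunk does not show it). As a style point, `final` on the `matchingRequest` local is inconsistent with the other locals in the method and can be dropped.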