We are running Jboss AS7 inside IIS using the ajp connector. Everything works fine except the jsessionid variable causes a 404 error (IIS double escape error) when it has a plus sign in it. Like this:

http://site/something.do;jsessionid=x2iV3knb6EjbYrnLjE+0FpVJ.node1?method=accept

I could allow IIS to accept double escape requests (security hole), or rewrite the URLs (PITA).

Does anyone have another suggestion for either removing the jsessionid or ensuring it doesn't have a plus sign?