We are running Jboss AS7 inside IIS using the ajp connector. Everything works fine except the jsessionid variable causes a 404 error (IIS double escape error) when it has a plus sign in it. Like this:
I could allow IIS to accept double escape requests (security hole), or rewrite the URLs (PITA).
Does anyone have another suggestion for either removing the jsessionid or ensuring it doesn't have a plus sign?