I am facing this issue with connect's session middleware, with mobile web clients. Lot's of older browsers are url escaping the connect.sid cookie, with the result that sessions are not available on subsequent requests.
Here's an example
'user-agent': 'Nokia200/2.0 (11.81) Profile/MIDP-2.1 Configuration/CLDC-1.1 UCWEB/2.0(Java; U; MIDP-2.0; en-us; nokia200) U2/1.0.0 UCBrowser/126.96.36.199 U2/0,
cookie: 'connect.sid=s%3Ak%2B63%2FiWkrB%2BrQX8ZE3f0IrZ9.8dxYpYsW6fpKeFfpJ2CUb4J1xev6QnGOxA4yxZqYOF4; __utma=39325218.948513286.1359018506.1359018506.13590t,
This probably violates spec but in production, I need to handle such browsers.
What is the best way to address this? If session would allow me providing a custom function to generate cookies that don't contain the unsafe characters, it would help for now.
Please close this - it turned out to be a different issue altogether. Sorry for the trouble.