I'm not sure from your message if you're seeing this with an On Premise installation or not, so my answer may not be appropriate, but one area to be checked when this happens will be the load balancers and any single sign-on configurations. The jsessionid should have been and remained a cookie value unseen in the UI or browser, but somewhere along the way it ended up getting promoted into the URL as a query attribute instead.
Unfortunately (in this case anyway) the content filters in PPM are thorough/explicit and see this as a URL it needs to provide information for, including the parameter key/value pair, and it cannot comply with providing that and gives you this response.
If you are an On Demand customer that happens to be seeing this, (I think) the problem should be able to be resolved through a support issue which can get the relevant teams engaged that look after those configuration items.