Supporting Sessions Without Cookies in Tomcat

I am currently running an application with the following properties:

I need the ability to support user sessions without cookies. Could someone please point me in the right direction.

Thank you.

Solution 1:

The complete answer to this question is a combination of all your responses, so I'm going to summarize:

There is no need to set cookies="false" in the context.xml file. The ideal functionality is for tomcat to use it's url-based session identification, which will be used by default if cookies are not supported by the user.
When a user doesn't have cookies enabled, tomcat will identify the session by the "JSESSIONID" parameter from the url of the request. A couple sample urls are as follows http://www.myurl.com;jsessionid=123456AFGT3 http://www.myurl.com;jsessionid=123456AFGT3?param1=value&param2=value2 Notice how the session id is not part of the url query string (this is a j2ee standard)
In order to ensure the jsessionid parameter gets appended to all your request URLs, you can't have plain url references. For example, in JSTL, you have to use < c:url>. The servlet engine will then automatically append the jsessionid to the url if it is necessary. Here's an example:

<%--this is bad:--%> < a href="page.html">link< / a>

<%--this is good:--%> < a href="< c:url value='page.html'/>">link< / a>

See http://tomcat.apache.org/tomcat-5.5-doc/config/context.html.

In a file META-INF/context.xml,

<?xml version='1.0' encoding='UTF-8'?>
<Context path='/myApplicationContext' cookies='false'>
  <!-- other settings -->
</Context>