URL rewriting is not dependent on cookies. In fact, it is quite useful when cookies are disabled. URL rewriting, as the name suggests, rewrites the URL. True, JSESSIONID is a cookie. So, if cookies are disabled, JSESSIONID would not be available to the server from your browser. To solve this problem, you can use URL rewriting, which will just append, say, JSESSIONID=<sessionIdValue> at the end of your URL, so that your server-side components can retrieve the session id from the URL instead of the cookie.