You use URL rewriting when the client has disabled cookies on the browser. URL rewriting takes the session ID that is in the cookie and stick it right onto the end of every URL that comes in to the application. The Container will strip of this extra part of the request URL and use it to find the matching session when a user request something from a link. All of this is necessary because HTTP is stateless so you cannot keep track of a users session unless you use cookies or URL rewriting.
Why it cannot be used in static pages (html) is for the same reason you can not use scripting and EL in static pages. HTML is not turned into some sort of
JAVA class that will be executed. With a
JSP the scripting or EL code is turned into JAVA code when the JSP is transformed into a
servlet class that will be executed and the response send to the browser. You need a response.endcodeURL or <c:URL> to encode the URL for you and it will only work in a dynamic page.