I tried this exercise with Firefox, and got the expected results (session ID displayed in the URL once when cookies were enabled, and they were displayed for every page when cookies were disabled).
The exercise also suggests altering the JSP's so that the URL's are not encoded. That should work fine if cookies are enabled, but should result in a "cart" that only contains one item if cookies are disabled. With IE7, the cart worked (displayed all selected items) the same, whether I had cookies enabled or disabled.
I am including below the code from one of the JSP files. Obviously it won't be terribly meaningful without the classes that are imported or the web.xml file or the servlet code. However, if somebody out there wants to attempt to answer my question (which is, "why doesn't this exercise work with IE7?") and feels they need to see all this code, let me know and I'll post it.