Why doesn't exercise 8-1 from Murach's Java Servlets work for me on IE7?

Hello.
I am trying to run exercise 8-1 (Test URL Encoding) in Murach's Java Servlets and JSP (2nd Edition), and am running into trouble. The chapter comes with a "cart" NetBeans web application in which the user can add selected items to a cart and then the application shows the items in a table. The premise of the exercise is that if cookies are enabled in the browser, the URL's will be encoded with the session ID once, because the URLs are processed with the encodeURL() method in the JSP files. In fact that works - the first time I add something to the cart, the session ID is evident in the URL, but after I add subsequent items the session ID disappears because cookies are taking care of session ID tracking.

The exercise suggests that I disable cookies in the browser and try running it again. The expected result is that the session ID will continue to be encoded into the URL with every page, again because encodeURL is invoked. However, when I try this using IE7, I get the same result as when cookies are enabled. I feel pretty confident I did disable cookies, because when I try to log in to www.amazon.com, it gives me an error message because cookies are disabled. They obviously need the cookies for session tracking, etc.

I tried this exercise with Firefox, and got the expected results (session ID displayed in the URL once when cookies were enabled, and they were displayed for every page when cookies were disabled).

The exercise also suggests altering the JSP's so that the URL's are not encoded. That should work fine if cookies are enabled, but should result in a "cart" that only contains one item if cookies are disabled. With IE7, the cart worked (displayed all selected items) the same, whether I had cookies enabled or disabled.

I am including below the code from one of the JSP files. Obviously it won't be terribly meaningful without the classes that are imported or the web.xml file or the servlet code. However, if somebody out there wants to attempt to answer my question (which is, "why doesn't this exercise work with IE7?") and feels they need to see all this code, let me know and I'll post it.

Thanks!

cart.jsp:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Murach's Java Servlets and JSP</title> </head> <body> <h1>Your cart</h1> <table border="1" cellpadding="5"> <tr> <th>Quantity</th> <th>Description</th> <th>Price</th> <th>Amount</th> </tr> <%@ page import="business.*, java.util.ArrayList" %> <% Cart cart = (Cart) session.getAttribute("cart"); ArrayList<LineItem> items = cart.getItems(); for (LineItem item : items) { Product product = item.getProduct(); %> <tr valign="top"> <td> <form action="<%=response.encodeURL("cart")%>" method="post"> <input type="hidden" name="productCode" value="<%=product.getCode()%>"> <input type=text size=2 name="quantity" value="<%=item.getQuantity()%>"> <input type="submit" value="Update"> </form> </td> <td> <%=product.getDescription()%> </td> <td> <%=product.getPriceCurrencyFormat()%> </td> <td> <%=item.getTotalCurrencyFormat()%> </td> <td> <form action="<%= response.encodeURL("cart")%>" method="post"> <input type="hidden" name="productCode" value="<%=product.getCode()%>"> <input type="hidden" name="quantity" value="0"> <input type="submit" value="Remove Item"> </form> </td> </tr> <% } %> <tr> <td colspan="3"> <p><b>To change the quantity</b>, enter the new quantity and click on the Update button.</p> </td> </tr> </table> <br> <form action="<%= response.encodeURL("index.jsp")%>" method="post"> <input type="submit" name="continue" value="Continue Shopping"> </form> <form action="<%= response.encodeURL("checkout.jsp")%>" method="post"> <input type="submit" name="checkout" value="Checkout"> </form> </body> </html>