Yes. URL rewriting. There are several API functions in
J2EE to handle URL rewriting.
However, unlike cookies, rewritten URLs are pretty fragile. If someone manually types in a URL, they probably won't type in the extra information relating to the session (and if they type as bad as I do, they'll probably get it wrong). Cookies are handled automatically, and they can be given a specific lifespan.