*you* don't really have to know if cookies are disabled, as the encodeURL method on the response object will either
a)not rewrite the URL because cookies are enabled
or
b) rewrite the URL because they are disabled (or refused).
So it's at least partly transparent to you.
Not too sure about detecting if scripting is disabled. You can't do it with
JSP code, because that's the server side, and it doesn't know anything about the client. And you can't do it client side, because what script will you run to check, if scripting is disabled?
That last bit was me thinking out loud.