This week's book giveaway is in the General Computing forum. We're giving away four copies of Arduino in Action and have Martin Evans, Joshua Noble, and Jordan Hochenbaum on-line! See this thread for details.
I use "isRequestedSessionIdFRomURL" and "isRequestedSessionIdFromCookie" to check where the jsessionid is from. By the way, I use encodeURL(). It surprises me that no matter if I disable the cookie from client side (I don't have to restart machine for this, right ?), the first time I open a browser it shows the id is from URL and it appends a jsesionid=.. for me. when I go back to the 1st page and hit refresh, then it shows the id is from cookie and that "jsessionid=.." disappears.