1. URL Rewriting and Cookie - This will be taken care by container. If Cookie is disabled, Container will automatically start using URL Writing. Only thing you need to do is, what ever URL in your JSP make sure it is encoded URL by calling method below,
2. Hidden Variable - not a suggestable way of doing, as you have already have good methods to go.
HTTPS: I'm not sure about this. I think when you want secure communication, you can use this.