There are two ways you can handle sessions. 1> Cookies 2> URL Rewriting The most common and easiest way to handle seesion is cookies. In cookies the session id will set as part of the response. But if the browser wont support cookies then you have to go for URL rewriting , beacause in url rewriting the session id will be appended to the end of each url and browser wont care for that. Means it can't disable URL rewritng.