This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
No, cookies are not needed for session handling. There is another mechanism called "URL rewriting" which can be used instead. Note that this requires all URLs sent to the client to be treated especially.