Looking through the
servlet APIs for 2.3 and 2.4 I don't see any element like that in the web.xml DTD under <session-config> so the resin usage is non-standard.
According to my reading of the Tomcat docs - encodeURL should return a unchanged
String if the client has cookies enabled. What exactly do you observe?
Bill