Remember way back in our old servlet days when we wanted to use a session? First we had to get the session (either the existing one or a new one). At that point, the Container knows that it’s supposed to associate the client from this request with a particular session ID. The Container wants to use a cookie—it wants to include a unique cookie with the response, and then the client will send that cookie back with each subsequent request. Except one problem... the client might have a browser with cookies disabled. Then what?
The Container will, automatically, fall back to URL rewriting if it doesn’t get a cookie from the client. But with servlets, you STILL have to encode your URLs. In other words, you still have to tell the Container to “append the jsessionid to the end of this particular URL...” for each URL where it matters. Well, you can do the same thing from a JSP, using the <c:url> tag.
URL rewriting from a servlet
URL rewriting from a JSP