The complete answer to this question is a combination of all your responses, so I'm going to summarize:

这个问题的完整答案是你所有回答的组合，所以我要总结一下：

1. There is no need to set cookies="false" in the context.xml file. The ideal functionality is for tomcat to use it's url-based session identification, which will be used by default if cookies are not supported by the user.

2. When a user doesn't have cookies enabled, tomcat will identify the session by the "JSESSIONID" parameter from the url of the request. A couple sample urls are as follows http://www.myurl.com;jsessionid=123456AFGT3http://www.myurl.com;jsessionid=123456AFGT3?param1=value&param2=value2Notice how the session id is not part of the url query string (this is a j2ee standard)

3. In order to ensure the jsessionid parameter gets appended to all your request URLs, you can't have plain url references. For example, in JSTL, you have to use < c:url>. The servlet engine will then automatically append the jsessionid to the url if it is necessary. Here's an example:

   <%--this is bad:--%> < a href="page.html">link< / a>

   <%--this is good:--%> < a href="< c:url value='page.html'/>">link< / a>

1. 无需在 context.xml 文件中设置 cookies="false"。理想的功能是让 tomcat 使用它的基于 url 的会话标识，如果用户不支持 cookie，它将默认使用。

2. 当用户没有启用 cookie 时，tomcat 将通过来自请求 url 的“JSESSIONID”参数来识别会话。几个示例 url 如下 http://www.myurl.com;jsessionid=123456AFGT3http://www.myurl.com;jsessionid=123456AFGT3?param1=value&param2=value2注意会话 id 不是 url 查询字符串的一部分（这是 j2ee 标准）

3. 为了确保将 jsessionid 参数附加到您的所有请求 URL，您不能拥有简单的 url 引用。例如，在 JSTL 中，您必须使用 <c:url>。如果需要，servlet 引擎会自动将 jsessionid 附加到 url 中。下面是一个例子：

   <%--这不好：--%> <a href="page.html">link</a>

   <%--这个好：--%> <a href="<c:url value='page.html'/>">link</a>

You could track by IP address, but proxy servers (and NAT?) could mess you up.

您可以通过 IP 地址进行跟踪，但代理服务器（和 NAT？）可能会让您一头雾水。

You could force all URLs to have the session as a parameter, and all forms as a hidden field. Maybe a custom tag for generating URLs could help here, but I've not done much work with taglibs.

您可以强制所有 URL 将会话作为参数，并将所有表单作为隐藏字段。也许用于生成 URL 的自定义标签在这里会有所帮助，但我对 taglib 的工作并不多。

You will need to consider security - people might email links to someone else with the session id in it, so you will want to have an IP address check for each access to check that the address matches the session.

您将需要考虑安全性 - 人们可能会将链接通过电子邮件发送给包含会话 ID 的其他人，因此您需要对每次访问进行 IP 地址检查，以检查地址是否与会话匹配。

See http://tomcat.apache.org/tomcat-5.5-doc/config/context.html.

请参阅http://tomcat.apache.org/tomcat-5.5-doc/config/context.html。

In a file META-INF/context.xml,

在文件 META-INF/context.xml 中，

<?xml version='1.0' encoding='UTF-8'?>
<Context path='/myApplicationContext' cookies='false'>
  <!-- other settings -->
</Context>

As matt b commented this should work out of the box (tomcat will try cookies, and if that fails fall back on encoding the session in the url). However, this will not work if you create a 'plain' link yourself - always use a method like JSTL's so tomcat can add the tracking parameter to all urls.

正如 matt b 评论的那样，这应该是开箱即用的（tomcat 将尝试使用 cookie，如果失败，则返回对 url 中的会话进行编码）。但是，如果您自己创建“普通”链接，这将不起作用 - 始终使用类似 JSTL 的方法，以便 tomcat 可以将跟踪参数添加到所有 url。

Best way is to use URL rewriting. So, when you use request.getSession(),the containerwill send "Set-Cookie" header for session-idin HTTP-response as well as session-idappended to URL(but you must use response.encodeURL(session_info)for url rewriting).

最好的方法是使用URL 重写。因此，当您使用时request.getSession()，container将在 HTTP 响应中发送“ Set-Cookie”标头session-id以及session-id附加到URL（但您必须response.encodeURL(session_info)用于 url 重写）。

public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException  {
    resp.setContentType("text/html");
    PrintWriter pw=resp.getWriter();
    HttpSession session=req.getSession();
    pw.println("<html><body>");
    pw.println("<a href=\""+resp.encodeURL("/session_info")+"\">Click</a>");
    pw.println("</body></html>");

}