By default, Tomcat directly sends cookies in the HTTP response , like SET COOKIE:JSESSIONID....back to the browser and rewrites the URL to add a JSESSIONIDparameter in it , for the first request, so that it can fall back on the later in case cookiesare disabled in the client browser.

默认情况下，Tomcat 直接在 HTTP 响应中发送 cookie，例如SET COOKIE:JSESSIONID....返回浏览器并重写 URL 以JSESSIONID在其中添加一个参数，用于第一个请求，以便在客户端禁用cookie的情况下可以回退到后面浏览器。

The next time if the browser requests the server with the JSESSIONIDin its request, Tomcat will use the JSESSIONIDcookie for maintaining the session.

如果浏览器请求服务器与下一次JSESSIONID在request，Tomcat将使用JSESSIONID的cookie维持会话。

You can overide the session cookie behavior in Tomcat by modifying context.xml:

您可以通过修改context.xml来覆盖 Tomcat 中的会话 cookie 行为：

<Context cookies="false">
</Context>

and disable the url re-writing the same way :

并以相同的方式禁用 url 重写：

<Context disableURLRewriting="true">
</Context>

Even read this Servlet Session Tracking with cookies (JSESSIONID)

甚至阅读这个Servlet Session Tracking with cookies (JSESSIONID)

Tomcat sends cookies by default unless they are blocked by the user from the browser (though this practice is not encouraged). Moreover, the session cookies (JSESSIONID) that are created are not persistent cookies and they die off whenever that instance(window) of the browser is closed.

默认情况下，Tomcat 会发送 cookie，除非它们被用户从浏览器阻止（尽管不鼓励这种做法）。此外，创建的会话 cookie (JSESSIONID) 不是持久性 cookie，只要浏览器的该实例（窗口）关闭，它们就会消失。