You can configure how your container tracks the session using your web.xml. Just add this to enforce cookies:
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
But please not that if you force your container to use cookies, you will break session handling for users that don't have cookies enabled.