Cookie for session tracking

Cookies are the most commonly used method for tracking a user session. WebSphere Application Server's session support generates a unique session ID for each user and returns this ID to the user's browser in a cookie. Thereafter, whenever the browser makes a request it sends that cookie in a header to the server, and whenever the server generates a response it sends that cookie information in a header to the browser. By default WebSphere uses temporary cookies, i.e. cookies that are not written to the user's machine, to store session information; the cookie is destroyed when the browser is closed. The cookie holds the session identifier, but the actual session information is stored on the server. The default name of the session management cookie is JSESSIONID.

The main disadvantage of cookies is that some users, either by choice or by mandate, disable them in their browsers.
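
The exchange described above, as an added Python sketch that is not WebSphere code and not part of the original post: a toy server keeps session data in memory and hands out only the ID in a temporary `JSESSIONID` cookie, and a toy browser shows what happens when cookies are disabled. The names `handle_request`, `browse` and `SESSIONS` are hypothetical, and the sketch assumes the server sends `Set-Cookie` only when it creates a session.

```python
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "JSESSIONID"   # default cookie name given in the text
SESSIONS = {}                # server-side store: session ID -> session data


def handle_request(cookie_header, item=None):
    """Toy server: return (response_headers, session_data) for one request."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    headers = {}
    if sid not in SESSIONS:
        # Missing or unknown ID: start a new session with an unguessable ID.
        sid = secrets.token_urlsafe(24)
        SESSIONS[sid] = {"cart": []}
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["path"] = "/"
        # No Expires/Max-Age attribute: a temporary cookie that the browser
        # keeps in memory only and drops when it is closed.
        headers["Set-Cookie"] = out[COOKIE_NAME].OutputString()
    if item:
        SESSIONS[sid]["cart"].append(item)   # the data never leaves the server
    return headers, SESSIONS[sid]


def browse(items, cookies_enabled):
    """Toy browser: one request per item; echo the cookie back only if enabled."""
    cookie_header, data = None, None
    for item in items:
        headers, data = handle_request(cookie_header, item)
        if cookies_enabled and "Set-Cookie" in headers:
            # Keep only "name=value"; attributes such as Path are not sent back.
            cookie_header = headers["Set-Cookie"].split(";")[0]
    return data["cart"]


if __name__ == "__main__":
    print(browse(["book", "pen"], cookies_enabled=True))    # one session
    print(browse(["book", "pen"], cookies_enabled=False))   # new session each time
```

With cookies disabled every request arrives without an ID, so the server creates a fresh session each time and the earlier state is unreachable.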
