Index: java/org/apache/catalina/core/ApplicationContext.java
===================================================================
--- java/org/apache/catalina/core/ApplicationContext.java	(revision 1036595)
+++ java/org/apache/catalina/core/ApplicationContext.java	(working copy)
@@ -1176,8 +1176,14 @@
 
     private void populateSessionTrackingModes() {
         // URL re-writing is always enabled by default
-        defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL); 
-        supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
+    	
+    	defaultSessionTrackingModes = EnumSet.noneOf(SessionTrackingMode.class);
+    	supportedSessionTrackingModes = EnumSet.noneOf(SessionTrackingMode.class);
+
+    	if(!context.isDisableUrlSessionTracking()) {
+	        defaultSessionTrackingModes.add(SessionTrackingMode.URL); 
+	        supportedSessionTrackingModes.add(SessionTrackingMode.URL);
+    	}
         
         if (context.getCookies()) {
             defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
Index: java/org/apache/catalina/core/StandardContext.java
===================================================================
--- java/org/apache/catalina/core/StandardContext.java	(revision 1036595)
+++ java/org/apache/catalina/core/StandardContext.java	(working copy)
@@ -313,6 +313,11 @@
 
 
     /**
+     * Should we disable URL rewriting for session tracking? 
+     */
+    private boolean disableUrlSessionTracking = false;
+    
+    /**
      * Should we allow the <code>ServletContext.getContext()</code> method
      * to access the context of other web applications in this server?
      */
@@ -1404,6 +1409,19 @@
     }
     
     
+    public boolean isDisableUrlSessionTracking() {
+		return disableUrlSessionTracking;
+	}
+
+
+	public void setDisableUrlSessionTracking(boolean disableUrlSessionTracking) {
+		boolean oldDisableUrlSessionTracking = this.disableUrlSessionTracking;
+		this.disableUrlSessionTracking = disableUrlSessionTracking;
+		support.firePropertyChange("disableUrlSessionTracking",
+				oldDisableUrlSessionTracking, this.disableUrlSessionTracking);
+	}
+
+
     /**
      * Gets the name to use for session cookies. Overrides any setting that
      * may be specified by the application.
Index: java/org/apache/catalina/core/mbeans-descriptors.xml
===================================================================
--- java/org/apache/catalina/core/mbeans-descriptors.xml	(revision 1036595)
+++ java/org/apache/catalina/core/mbeans-descriptors.xml	(working copy)
@@ -166,6 +166,10 @@
                type="java.lang.String"
                writeable="false" />
           
+    <attribute name="disableUrlSessionTracking"
+               description="Should we disable URL rewriting for session tracking?"
+               type="boolean"/>
+
     <attribute name="displayName"
                description="The display name of this web application"
                type="java.lang.String"/>
Index: webapps/docs/config/context.xml
===================================================================
--- webapps/docs/config/context.xml	(revision 1036595)
+++ webapps/docs/config/context.xml	(working copy)
@@ -168,6 +168,14 @@
         return <code>null</code>.</p>
       </attribute>
 
+      <attribute name="disableUrlSessionTracking" required="false">
+        <p>Set to <code>true</code> if you want to disable URL rewriting
+        for session identifier communication. In this case, either
+        <code>cookies</code> should be set to <code>true</code> or 
+        SSL should be enabled to track sessions.
+        Default value is <code>false</code>.</p>
+      </attribute>
+
       <attribute name="docBase" required="true">
         <p>The <em>Document Base</em> (also known as the <em>Context
         Root</em>) directory for this web application, or the pathname