You may want to first read about the difference between a session and a cookie.
There are two cookie management levels. You can set the cookie management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.
Session tracking mechanism
In the Session tracking mechanism section, by default, only Enable cookies is enabled.
When enable cookies is selected, a cookie will be created on the client PC when requesting the app running on WebSphere in the browser. By default, the cookie is named JSESSIONID. In this example, the session ID (0001ngigW0ETRpuIwfKKzcufWkA:1c4gskmd0) was obtained from the cookie which was created when the web app was requested in the browser.
Enable cookies will take precedence over Enable URL rewriting. When Enable cookies is checked, the session ID will attempt to be obtained from a cookie.