You may want to first read about the difference between a session and a cookie.

There are two session or cookie management levels. You can set the session or cookie management settings at the application server level, or at the application level. The settings at the application level will take precedence over the settings at the application server level.

Application:

1. In the left panel of the WebSphere web console, expand Application > Application Types, and select Websphere enterprise applications.
2. Select an application.
3. Select Session management.

Application server:

1. In the left panel of the WebSphere web console, expand Server > Server Types, and select Websphere applications servers.
2. Select an application server.
3. Select Session management.

By default, the Maximum in-memory session count will be set to 1000 sessions, and Allow overflow is checked. In this configuration, the maximum number of simultaneous sessions is 1000, however, the limit can exceeded by the allow overflow selection. 

tbd