Tomcat sends cookies by default unless they are blocked by the user from the browser (though this practice is not encouraged). Moreover, the session cookies (JSESSIONID) that are created are not persistent cookies and they die off whenever that instance(window) of the browser is closed.
