In a web app, when user logs in, a HttpSession is created using HttpSession s = request.getSession(true); This creates a cookie with jsessionid on the browser. But if cookies are disabled on browser, How can i proceed with login?

If Cookies are disabled. You should be using URL Rewriting mechanism for Session tracking.

Code Example:

http://www.javadocexamples.com/javax/servlet/http/HttpServletResponse/encodeURL%28String%20url%29.html

The main purpose of logging in is to identify the user. The basic information of the user is stored in the cookie which is basically a text file containing jsessionid. It is the jsessionid we want and not the cookie itself. So, we can get hold of jsessionid and concat it with the url, we will still be able to access contents in the HttpSession object.