The reason this isn't working for you is because you need to set the cookie in the response. I noticed this while looking into enabling session state for a dropwizard application where the underlying cookie gets created on the Jetty Response object but it never makes it's way onto the Jersey Response object and therefor gets dropped.

What I've done to work around this issue is to implement a Filter that extracts the "Set-Cookie" information from Jetty and puts it onto the outbound response object.

                String cookie = HttpConnection.
                    getCurrentConnection()
                    .getHttpChannel()
                    .getResponse()
                    .getHttpFields().get(HttpHeader.SET_COOKIE.asString());

            if (LOG.isDebugEnabled()) {
                LOG.debug("Adding session cookie to response for subsequent requests {}", cookie);
            }

            httpServletResponse.addHeader(HttpHeader.SET_COOKIE.asString(), cookie);

@Yashwanth Krishnan

I know this is old but I noticed that the session was not maintained from one URL to another, simply add this code when you init the application, session handling is mostly a container thing and not specific to DropWizard.

SessionHandler sessionHandler = new SessionHandler();
sessionHandler.getSessionManager().setMaxInactiveInterval(SOME_NUMBER);

    /**
     * By default the session manager tracks sessions by URL and Cookies, we 
     * want to track by cookies only since
     * we are doing a validation on all the app not URL by URL.
     */
    sessionHandler.getSessionManager().setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));

    environment.servlets().setSessionHandler(sessionHandler);