If you've got a <Valve className="org.apache.catalina.valves.RequestDumperValve"/> defined for the <Engine/> node in server.xml for your Tomcat installation, you should be able to see cookies being passed in HTTP requests: ====================================================== 2005-02-02 10:30:39 RequestDumperValve[engine]: REQUEST URI =/calendar/DownloadEvents 2005-02-02 10:30:39 RequestDumperValve[engine]: authType=null 2005-02-02 10:30:39 RequestDumperValve[engine]: characterEncoding=null 2005-02-02 10:30:39 RequestDumperValve[engine]: cookie=n.gp.8c52f99421cdaa97=20050123 2005-02-02 10:30:39 RequestDumperValve[engine]: cookie=n.gp.01a0d577f34f043b=20050319 2005-02-02 10:30:39 RequestDumperValve[engine]: header=accept=*/* 2005-02-02 10:30:39 RequestDumperValve[engine]: header=accept-language=en-us 2005-02-02 10:30:39 RequestDumperValve[engine]: header=accept-encoding=gzip, deflate : : : 2005-02-02 10:30:39 RequestDumperValve[engine]: requestedSessionId=null 2005-02-02 10:30:39 RequestDumperValve[engine]: scheme=http 2005-02-02 10:30:39 RequestDumperValve[engine]: serverName=sample.com 2005-02-02 10:30:39 RequestDumperValve[engine]: serverPort=80 2005-02-02 10:30:39 RequestDumperValve[engine]: servletPath=/calendar/DownloadEvents 2005-02-02 10:30:39 RequestDumperValve[engine]: isSecure=false ======================================================
The cookies in the above sample are app-specific and not Tomcat session cookies, but give the general idea. You should also check the security settings/preferences of the browsers in question as such settings can constrain the browser's use of cookies.