I use Tomcat as my web server. My research has revealed that it will
first attempt to store a session id in a cookie. If it can't, it will
embed the session id in the URL. I've also read that I can disable
session support entirely and that I can force sessions to be inserted
in the URL always.

Here's an example of the jsessionid parameter that gets added to the
URL when cookies aren't supported:

;jsessionid=8012F0AA1B354924E2D04221EA7711C1.app2_fa2

I understand that for URL requests that include the jsessionid in
them, I can strip out the session ID using mod_rewrite. But
mod_rewrite doesn't solve the problem of the jsessionid being added to
all the URLs in the resulting HTML page that is sent out to the user
(or search engine).

My concern is that these URLs will look like unique URLs to the search
engines and therefore they'll continue to follow links to pages that
have already been recently indexed. Google seems to be dealing with
this issue automatically by removing the jsessionid, but Yahoo has
hundreds of my site's URLs all pointing to the same page because the
session ID makes the URL look unique.

How do I prevent the jsessionid from being added to URLs, while still
supporting sessions in cookies, without modifying and recompiling the
Tomcat source code?