I was under the impression that this was an unfortunate side-effect of Jasper/JSPs...
Are you implying that this does not happen with Tomcat ?
Jetty itself will only create a session if you are using FORM authentication. Thus I assume that it is a bug/feature in jasper.
If you can tell me the version of Jetty (or JBoss) you are using, confirm that you are not using FORM authentication
and send me a JSP in the style you are using, then I'll see if I can workout who/what is doing this.
I use JBoss 3.0.1. Wasn't able to reproduce this behavior anymore. But I do remember seeing jsessionid in some HTTP headers, even though I do not use any kind of authentication... Anyways, I'll complain again if the problem should reappear. Thanks!