jsessionid added only when cookies are disabled and when the session was created on the server side (and therefore, the server side needs to somehow notify the client about this, the cookie will be used by default). If the session is not created, then it makes no sense to add jsessionid .
Try adding the following line at the top of your JSP, at least until the line <c:url> called. It not only prints / debugs the session identifier for you, but also implicitly creates a session if it is not already done.
${pageContext.session.id}
Do this for testing only. If this works, the reason for your problem is that there were simply no sessions. Just keep it as it is. No need to unnecessarily create a session. For the case when cookies are not supported as a session and browser, c:url will work fine.
By the way, to check if cookies are really disabled, track the headers of the Firebug requests. If the request does not have a Cookie header, even if the server set the Set-Cookie header in the response, this means that cookies are indeed disabled on the client side.