The JvmRouteValve will log an ERROR and do nothing if the requested session id doesn't come via a cookie. This is a pretty big limitation, as it prevents use of distributed sessions with mod_jk as a load balancer for apps that require URL rewriting.