The same thing is true for cookies. What’s the right way to check that cookies are enabled and respond gracefully if they aren’t? Showing an error message? Rewriting the URL with the session ID? Just not working? Since cookies are the best way to support sessions securely, I propose that if you need to support sessions, present an error message to users with cookies disabled.
If the web is really just a composition of technologies, how should it respond when some technologies are missing? Why don’t browsers and application frameworks give us easy ways to check for these dependencies?