Simon Harris wrote:
> Hi All,
>
> I am using session vars for admin security on some of my pages, to check if
> admin is logged on or not. This works AOK, But, when a non-authenticated
> user clicks a link on a page that has session_start() in it, the link is as
> I expect it to be, but has the following appended to it:
>
> ?PHPSESSID=793be....etc!
>
> Whoops....Brain storm at this point. Seems PHP is automatically appending
> this to enable sessions to work, as I had cookies disabled...clever! :)
>
> Please do let me know if I'm not quite right here!
>
> Cheers!
> Simon.
>

Read this:
<http://www.php.net/manual/en/ref.session.php#session.idpassing>