Just curious, AFAIK php passes the session id in a cookie, but if cookies are disabled sessions will not work, unless the page is called with the PHPSESSID variable in the url. My question is, I've got cookies disabled and passing the PHPSESSID in the url, but after that the only thing I'm calling is session_start() just like that and nothing else. Does this mean that the session_start function also checks the GET variables for the variable named PHPSESSID? and if found uses it? Is this correct? What's going to happen if a bookmark is called up that has an old session in the URL? Is it just going to ignore the old session key and start a new one, meaning that the URL in the address bar will not reflect the actual session at the time? Also, does this imply that if I intend to POST a form to the same page, and leave the action= to blank it's going to post the wrong session key again, thereby starting another new session each time the form is posted? So I imagine I would have to construct something like this for the action= $_SERVER['PHP_SELF']."?PHPSESSID=".session_id( ); Sorry if this questions a bit complicated, Thanks