Ok, so how does sessions work?

I understand the basics of sessions, it is just that damn $PHPSESSIONID=sfjldsj
in the url that bugs me.
eg in PHPBB.
phpbb is not crawlable because of sid=3jfld in the url (alhough I never see it when I hover my mouse over the links.. why?)
did the programmers actually pass it like echo "<a href='bla&sid=session_id()'>" ?
if so then what is the advantage?

pardon the basic questions, but please help.
thanks

 

A session is a collection of variables in the server that is identified by a session ID first sent by the server to the client using one of two mechanisms:

1) a cookie, in which case it is returned by the server as an HTTP header:

Set-Cookie: PHPSESSID=12345678901234567890

2) a query string, in which case you will have to write your HTML using the special variable called SID:

<a href="filename.html?my-param=my-value&amp;<?= SID ?>">link</a>

Since some clients do not accept cookies, some applications need to be coded using query string based approach. Usually, this would be applications that do not get indexed, such as web mail, control panels, etc. It is not a good idea to return a session ID as a query string if you want your page to be properly indexed.

J.D.

 

A lot of folks look at the user agent string and do not start the session if the visitor if a bot.