Merlyn's article in the first reply was very useful to me. In cases where the browser is not accepting the cookie, you could embed the session ID in the URI and retrieve it from PATH_INFO. I have used this scheme on a few sites. This isn't a good idea for secure sites, however, since the session ID is displayed in plain view in the browser's address bar and could be easily hijacked by a passerby.