"oh yeah? i dont agree here."
There's allways one... :-)
" its better to use session ID in url and not in cookies. using cookies you will loose couple of % of visitors [those who have cookies disabled]. i dont want to loose even one of them."
meanwhile, back in the real world, the % of people who have cookies diabled is near zero, and those who do have it disabled know why they disabled it and how they can re-enable it for your site.
But the main reason why using the sessionid in the url is bad is that it makes your site un-bookmarkable. Not a single page can ever be bookmarked, because the bookmark automatically overwrites the sessionid every time. You go to www.bla.com, you logon, click your favourite bookmark, and boom, you're logged out again.
And what about searchengines that don't like to search pages with parameters in the url?
The 'ideal' solution would be to have cookies and trans-id, default to cookies and fallback to URL if cookies fail, but using the URL by default is the worst possible choice.
