One good reason to use GET query strings instead of session variables is that PHP does an awful job at setting session variables with all browsers, and an even worse job of deleting session variables.
I have seen many work-arounds and fixes for this problem, such as calling javascripts, changing http headers manually to set/delete/change cookies, using different cookie-management functions for different client browsers, and more.
There are major 2 disadvantages that I know of to using GET query strings:
Sharing the string between each page. Every single page, even redirection pages, have to append the session info to the query string
Session info should expire and only apply to a certain user. For example if you log into a site and see a good article and send the URL to a friend, you may also unknowingly send your session info, ie http://www.articles.com/article.php?userid=245&sessionid=2Hs3Y3s
Simply by sending them this URL, you could end up logging them in to your account!
One solution is to look at the HTTP_REFERER and if it is outside the site, reset the session info.
You can also try including an expiration time in the session id (encrypted, of course!), and possibly something to uniquely identify the user, such as their IP address (again, encrypted), or their username. THis isn't a great solution, though, as personal info ends up in the URL.
Hope this helps.
