http://www.xisc.com/forum/viewtopic.php?t=3528 reports
the bug. SID is passed in the get request even if PHP's
session.use_cookies or session.use_only_cookies are
enabled. The attached patch tries to fix this. Please
read the original post for details.
Logged In: YES
user_id=1316770
Patch file
Patch file