When cookies are disabled, (and sessions are being used) the default .htaccess file allows php to append a get variable to the end of the url containing the session id to continue using sessions. Obviously this is a major security flaw, but does this mean (I dont have a custom server to test on and most servers have this off) that somebodies session can be accessed from anywhere, as long as the session is open and one has the id?When cookies are disabled, (and sessions are be