Embedding the SID in a URL can cause cause undesirable side-effects:
- Bookmarking the link will fix the sid, and won't work anyway once the session has expired and will require the user to log in again, even if he or she already has a valid session open.
- Appending the SID to quasi-static items such as style.php and download/file.php frustrates local caching on the browser, since browsers will treat URLs with different SIDs as different items. Such unnecessary repeat downloads are a material % of my aggregate site bandwidth.
- This introduces security loop-holes if the user publishes the URI or sends it to a colleague as this will mean that the recipient with acquire the senders session context.