by CIA, Inc.
I don't think you should write sid=??? part of an URL in public.
Hehe. you shouldn't however if things are coded correctly having just the session id won't allow you to hijack the session anyway (2 seconds of testing confirms this), so it doesn't really matter :) nice spot though!
Keep the Phoenix news flowing :)