vBulletin will use the session IDs on the URL when the user doesn't accept cookies.
But there is a chicken and egg problem. In order to know if the user accepts cookies, vBulletin will check if the user's browser send cookie data. Of course when a user never visited the site it won't have any cookies, so vBulletin will think the user didn't accept cookies. On every visit vBulletin will try to set cookies (like last visit and session ID cookies). On the 2nd page request vBulletin will really know if the user accepts cookies.
So completely new users to your site will always get the session ids on the url, but probably won't get them in every subsequent request.
Confirmed spiders will never get session ids on the url.
|