one method would be to write a script that reads the cookie after you write it. Set the session-id in the header, pass the "Location:" header to another script, attempt to read the cookie. If you can read it great, otherwise tell the user that it isnt enabled.