Well, considering that the contents of the session cookie is sent to the server with each HTTP request, a cookie solution isn't that much secure anyway. If someone monitors your network traffic, hijacking the session is trivial no matter if you are using cookies or not. The only antidote is to connect through an encrypted channel.

Granted, it's easy to cut&paste the URL and mail it to someone else, but if you're that eager to compromise your own security you could just as well edit the contents of cookies.txt.

Cheers,
--Moodster