I am using it as a "crude" way to sort of detect if a session id is called directly or from a script. I am trying to avoid session replaying or hijacking by trying to determine if the session id is validly passed from the script or not.

Though my session id's expire after "n" minutes, if the session is replayed within the "n" period, this is still possible, but this is not what I wanted. Do you have some sort of "sanity check" suggestions?