That has always been my backup plan for users that don't accept cookies. I use cookies but I also add the sessionID to the URL if the browser doesn't accept cookies.
Is appending the sessionID alone a prefered way of doing this? If a user accepts cookies, why not use that?