I have seen the method to disable session IDs which appear in URLs in various places on the internet.

What I don't see, is what difference it makes. OK, the URL changes - but surely there is a downside somewhere?

How are the sessions passed from page to page without the PHPSESSID in the URL?