I should have said that the information is not required to be secure.

If I switch the URL Session ID off, then am I correct in saying that the session ID will be passed via cookies, and that the information that the session carries will be kept on the server?

Should I be worried about people switching off cookies?

An example would be the language that the person was viewing in, or the data being viewed.

My concern is that if I don't pass the session in the URL, then if the visitor has cookies off, then the pages presented will be confusing, and may not work.