A while back Binny VA and recently Rishi alerted me to PHPSESSIDs in some of the URLs. PHPSESSID is used to indicate who owns the PHP session, something useful in case you are tracking sessions, like in case of shopping carts. However, PHPSESSIDs in the URL can make search engines to think it is duplicate content since technically there are two different URLs. It can also lead to security breach if a URL with a PHPSESSID is inadvertently shared.
Disabling PHPSESSID depends on how PHP is being run in your web server. For PHP as a module, you can enter the following in your .htaccess file.
# To avoid PHPSESSID in URLs
php_flag session.use_trans_sid off
# END PHPSESSID
PHPSESSIDs can still be tracked in cookies, or I believe by using session_id().
However, this works only if PHP is compiled as an Apache module. For PHP as CGI, the modifications will have to be done in the local php.ini file, the runtime configuration file.
session.use_trans_sid = 0
Details about access to your .htaccess and php.ini files can be provided by your host. Bluehost, where this blog is hosted, allowed me to access my .htaccess file. This seems to be working right now, however if you still see the problem persist, kindly ping me about it. Also, I am not an expert on Apache configuration, so feel free to correct or add to this.