http://www.developer.com/net/asp/article.php/2216431/Enabling-POST-in-Cookieless-ASPNET-Applications.htm
Asp.Net intercepts the posted request, adds the session id, and redirects it to the same page.
Of course, this process is only necessary once; after the session id is in the URL, there is no need to insert it again.
In IE the redirection is invisible to the user because it supports the redirect request in the HTTP header.
In the case of Opera 6.01, it doesn't; hence the "Object has moved here" communication.
The downside of redirecting a request in this manner is that it's always as a GET request.
making transferring of our posted data impossible.
it's clear that to resolve this problem we have to find out when Asp.Net redirects the response,
clear it, and once again post our data with the session id string.
https://en.wikipedia.org/wiki/HTTP_302
ещё есть код 307 (и 303)
я проверял wireshark-ом, выдаётся 302, работает автоматически в firefox и в chrome
поэтому при заходе на главную страницу сразу добавляется идентификатор сессии
Проблема SID и ботов в PHP
The first time a page is accessed, PHP doesn't yet know if the browser is accepting cookies or not,
so after session_start() is called, SID will be non-empty, and
the PHPSESSID gets inserted in all link URLs on that page that are properly using SID.
This has the consequence that if, for example, a search engine bot hits your home page first,
all links that it sees on your home page will have the ugly PHPSESSID=... in them.
This appears to be the default behavior. A work-around is to turn on session.use_only_cookies,
but then you lose session data for anyone who has their cookies turned off.