I was only pointing out that *IF* the user disabled cookies that statement is not true. And then noting the consequences if you are forced to use PHP cookie-less sessions.
Anyway, not disagreeing about whether cookieless sessions implies a problem in all cases. Just noting that it *could*. Clearly not applicable to the simple scenario that is the subject of this thread.