if the client doens't accept cookies, then the sessionID is propagated through the querystring. this means that there is a variable_value pair on each querystring like sid=sdf5sdf45sdf445sdf
this sessionID is automatically added to each link (in the querystring) + each form (as a hidden formfield) on each page that is sent to the client.
now, you are redirecting the client with
header ("Location: main.php");
so the sessionID get's lost since it's not added to the new locations adress.
to propagate the sessionID, add it like this
header ("Location: main.php?" . SID);