hehe, I know.
I only check this when the user doesn't accept cookies.
But I want user that don't accept cookies to be able to use the site normally. So I have to transfer the session id (when no cookie is accepted) from page to page through the url.
I got it working now, I only need to know if there are more variables than the 2 mentioned above to check if a session was hi-jacked.