[lolinder]

The instant you implement that, then everyone will just start squeezing all the tracking information they need into the WebSession cookie. Plus, this isn't backwards compatible with all the existing servers that use custom names for the session cookie. PHPSESSID, session_id, etc.

[porridgeraisin]

It's already unique, so no need to cram more information.

About the backwards compatibility - the whole idea suggested in the article is that the user can block all cookies and use WebSession. That isn't backwards compatible with PHPSESSID either.

[extraduder_ire]

> everyone will just start squeezing all the tracking information they need into the WebSession cookie

Why would you need to put more information into the cookie if it's already unique?