If you want to use sessions instead, then you can change it with
Why do you think it is a security problem? Most major systems supports cookies. Usually only banks and similar systems uses very strict sessions.
Hi Flamber, thanks for pointing to MB_Session_Cookies variable. Reason why i was looking at this was , we were able to do cookie injunction and hijack the session of another user during our security test. So wanted to check if we can avoid the cookies.