I'm using 2.0.13.1 and have recently moved sites. That was fine, however it has developed a "random feature" that could be a security hole. It takes some links and adds a ?PHPSESSID at the end.

For example: http://www.myxoopswebsite.com/modules/tinycontent/index.php?id=4&PHPSESSID=ccbr2106of3f40if1c5b6c02de855f4f

(actual details changed for security)

Now, if it is not a security concern: great! However, I now just try and edit something in tinycontent, for example create a link on my page. For example:
http://www.myxoopswebsite.com/modules/tinycontent/index.php?id=4

I click save, and then go to view the page from the front end of my site, and it has that PHPSESSID at the end! I then go to edit it, and it has it there too!

(Note: this does not happen for auto generated urls, like "Top 10 Downloads" or my user menu blocks)

Is it a concern? How can I make it stop?

search is a great tool :)

https://xoops.org/search.php?query=phpsessionid&action=results