My guess is this issue: Transparent session ID support exposes PHP to cross-site-scripting attacks.
This is required for eZ publish to work properly with session if the cookie are not set in your browser. Also eZ publish escapes the session key so it's not possible to hack your site if transparent sessions are on.
You should see if a cookie has been made in your browser, if not it won't know the session id from one page load to another.