Related to the below update regarding URL redirection, you could also make the change in /includes/functions/html_output.php to not output the OSC session id on the first page. I've tested this and there are no issues when this is done. The url that was beign redirected to with this "bug" was similar to:
-c-16?osCsid.html
Note that it put the ?osCsid before the .html.

Change:
function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {

to:

function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = false, $search_engine_safe = true) {

See that I changed $add_session_id to false. That's it.



More...