Just found out a way to turn off the session Id from the url. There is a big problem for the payment to integrate with the osCommerce shopping cart if the session Id is store in the URL, whenever you return to the shopping cart without the session id, it will ask for login again.
Try to Google it but can't found any solution, but just know that we have to enforce the use cookie, but nothing much more then that.
After try an error for sometime, finally get the solution where you need to login to your admin page at http://yourdomain/admin --> cache ---> enabled cache
By doing that, the session cache will be stored in the temporary file but not on the URL address bar. Then you may avoid the session lost after the URL change.
* Still need sometime to figure out the better solution for that.