But I would like to ask: I have read somewhere (I can't remember where anymore), that when session starts, it may set a cookie named SSID on client-side.
Is that true, and if it is , can it be used for such a thing?
I would advice you to stay away with internals of PHP.
That being said, I will quote Vikram's explanation found here:
Sessions work by associating every session with a session ID (a unique
identifier for the session) that is automatically generated by PHP. This session ID is
stored in two places: on the client using a temporary cookie, and on the server in a
flat file or a database. By using the session ID to put a name to every request received,
a developer can identify which client initiated which request, and track and maintain
client-specific information in session variables (variable-value pairs which remain alive
for the duration of the session and which can store textual or numeric information).
I would agree with evstevemd, changing the way session works on php could create big security holes on the server. An easy way to manually manage sessions is to store the start time in a session variable and if it exceeds 24 hours, just call session_destroy.