No... You're only seeing part of the picture and assuming that's how it works the rest of the time :/
PHPSESSID - for logged in members is set up by PHP. We have no control of that at the Wedge level, not for the want of trying, though.
PHPSESSID - for guests is set up all the time, again by PHP... but it is only injected into links if cookies were not found, which should only be the first page load. PHP itself doesn't do the injection part (because we tell it not to) but we manually handle the process at this time, so instead of it being every page without fail, it is only when cookies are not present. Links will be without PHPSESSID if you view more than one page as a guest and cookies are enabled.
There are two parts to my suggestion:
1, disable the injection. This would give us a minor performance boost, a minor bandwidth saving but makes stats less accurate.
2. disable session handling *entirely* for guests. This would give us a major performance boot, no additional bandwidth saving over the first one, and the number of guests becomes unavailable. But no number is probably more meaningful than a very-inaccurate number.