In reply to comment #053209
Sorry to jump on the wagon, but isn't it completely normal (that eZ would auto-create PHP sessions) ?
IMHO, private browsing in Firefox or whatever web browser simply stands for "I, the web browser, won't accept any cookie from this site, nor in case I accepted some before 'private browsing' was activated for this site, will send some back to the site."
Hence, the logical behavior of a web solution auto-generating cookie-based sessions for anonymous users will be to keep creating on the server side new sessions again and again and again.
UNLESS, of course, there is a new mecanism I'm not aware about in 4.4 (via settingsq?) that prevents such a behaviour, be it IP / IP block based, HTTP User-Agent based, etc, for instance to NOT create sessions for major and known search engine crawling bots.