Now allowing session key to be passed in URL.

Potential security issue here, so enabled only when fb_session_cookieless_iframe variable is set.
Solves a multitude of session state issues, particularly on iframes in safari and ie6 where cookie support is less than acceptable.