Yes. The session_onstart event will fire for every pull BECAUSE no
SESSIONID cookie is ever created and the server has to assume that
every HTTP REQUEST frame is a new session. The response object is
actually just setting a header, of course.
Every redirect is sending a header to the browser equivalent to a
"meta refresh" and that once again triggers the session_onstart.
Geezus. Duh.