Thanks for your input, Michael. My host insinuated the "predictable" 7-digit cartID sessions are coming from the site code. CW3 PHP is the application in this case. I've never modified any cartID session code within the PHP files. Is a fix necessary or does Requirement #8 above address this?
Thanks again for your assistance.
