diff -upr flag/flag.inc flag_new/flag.inc
--- flag/flag.inc	2008-10-16 18:13:00.000000000 +0200
+++ flag_new/flag.inc	2009-02-14 20:40:54.000000000 +0100
@@ -318,6 +318,9 @@ class flag_flag {
     if (!isset($account)) {
       $account = $GLOBALS['user'];
     }
+    if ($account->uid == 0 && !module_exists('session_api')) {
+      return FALSE;
+    }
     $matched_roles = array_intersect($this->roles, array_keys($account->roles));
     return !empty($matched_roles) || empty($this->roles) || $account->uid == 1;
   }
@@ -344,16 +347,6 @@ class flag_flag {
     if (!$account) {
       return FALSE;
     }
-
-    if (!$account->uid) {
-      // Anonymous users can't flag with this system. For now.
-      //
-      // @todo This is legacy code. $flag->user_access() should handle this.
-      // This will also make it posible to have flags that do support anonymous
-      // users.
-      return FALSE;
-    }
-    
     if (!$skip_permission_check && !$this->user_access($account)) {
       // User has no permission to use this flag.
       return FALSE;
@@ -369,14 +362,15 @@ class flag_flag {
 
     // Perform the flagging or unflagging of this flag.
     $uid = $this->global ? 0 : $account->uid;
-    $flagged = $this->_is_flagged($content_id, $uid);
+    $sid = $this->global ? 0 : flag_get_sid($account);
+    $flagged = $this->_is_flagged($content_id, $uid, $sid);
     if ($action == 'unflag' && $flagged) {
-      $this->_unflag($content_id, $uid);
+      $this->_unflag($content_id, $uid, $sid);
       // Let other modules perform actions.
       module_invoke_all('flag', 'unflag', $this, $content_id, $account);
     }
     elseif ($action == 'flag' && !$flagged) {
-      $this->_flag($content_id, $uid);
+      $this->_flag($content_id, $uid, $sid);
       // Let other modules perform actions.
       module_invoke_all('flag', 'flag', $this, $content_id, $account);
     }
@@ -394,17 +388,17 @@ class flag_flag {
    *   Optional. The user ID whose flags we're checking. If none given, the
    *   current user will be used.
    */
-  function is_flagged($content_id, $uid = NULL) {
-    $uid = !isset($uid) ? $GLOBALS['user']->uid : $uid;
+  function is_flagged($content_id, $uid = NULL, $sid = NULL) {
+    $uid = $this->global ? 0 : (!isset($uid) ? $GLOBALS['user']->uid : $uid);
+    $sid = $this->global ? 0 : (!isset($sid) ? flag_get_sid($GLOBALS['user']) : $sid);
 
     // flag_get_user_flags() alreday does caching, but nevertheless we manage a
     // cache of our own to save on function calls.
     static $flag_status = array();
-    if (!isset($flag_status[$uid][$this->content_type][$content_id])) {
-      $flag_status[$uid][$this->content_type][$content_id] = flag_get_user_flags($this->content_type, $content_id, $uid);
+    if (!isset($flag_status[$uid][$sid][$this->content_type][$content_id])) {
+      $flag_status[$uid][$sid][$this->content_type][$content_id] = flag_get_user_flags($this->content_type, $content_id, $uid, $sid);
     }
-
-    return isset($flag_status[$uid][$this->content_type][$content_id][$this->name]);
+    return isset($flag_status[$uid][$sid][$this->content_type][$content_id][$this->name]);
   }
 
   /**
@@ -419,8 +413,8 @@ class flag_flag {
    *
    * @private
    */
-  function _is_flagged($content_id, $uid) {
-    return db_result(db_query("SELECT fid FROM {flag_content} WHERE fid = %d AND uid = %d AND content_id = %d", $this->fid, $uid, $content_id));
+  function _is_flagged($content_id, $uid, $sid) { 
+    return db_result(db_query("SELECT fid FROM {flag_content} WHERE fid = %d AND uid = %d AND sid = %d AND content_id = %d", $this->fid, $uid, $sid, $content_id));
   }
 
   /**
@@ -431,8 +425,8 @@ class flag_flag {
    *
    * @private
    */
-  function _flag($content_id, $uid) {
-    db_query("INSERT INTO {flag_content} (fid, content_type, content_id, uid, timestamp) VALUES (%d, '%s', %d, %d, %d)", $this->fid, $this->content_type, $content_id, $uid, time());
+  function _flag($content_id, $uid, $sid) {
+    db_query("INSERT INTO {flag_content} (fid, content_type, content_id, uid, sid, timestamp) VALUES (%d, '%s', %d, %d, %d, %d)", $this->fid, $this->content_type, $content_id, $uid, $sid, time());
     $this->_update_count($content_id);
   }
 
@@ -444,8 +438,8 @@ class flag_flag {
    *
    * @private
    */
-  function _unflag($content_id, $uid) {
-    db_query("DELETE FROM {flag_content} WHERE fid = %d AND uid = %d AND content_id = %d", $this->fid, $uid, $content_id);
+  function _unflag($content_id, $uid, $sid) {
+    db_query("DELETE FROM {flag_content} WHERE fid = %d AND uid = %d AND sid = %d AND content_id = %d", $this->fid, $uid, $sid, $content_id);
     $this->_update_count($content_id);
   }
 
@@ -476,10 +470,10 @@ class flag_flag {
   /**
    * Returns the number of items a user has flagged.
    *
-   * For global flags, pass '0' as the user ID.
+   * For global flags, pass '0' as the user ID and session ID.
    */
-  function get_user_count($uid) {
-    return db_result(db_query('SELECT COUNT(*) FROM {flag_content} WHERE fid = %d AND uid = %d', $this->fid, $uid));
+  function get_user_count($uid, $sid) {
+    return db_result(db_query('SELECT COUNT(*) FROM {flag_content} WHERE fid = %d AND uid = %d AND sid = %d', $this->fid, $uid, $sid));
   }
 
   /**
@@ -1062,3 +1056,16 @@ function _flag_url($path, $fragment = NU
     : url($path, array('absolute' => TRUE, 'fragment' => $fragment));
 }
 
+function flag_get_sid(&$account) {
+  if (module_exists('session_api')) {
+    if (session_api_available() && $account->uid == 0) {
+      return session_api_get_sid();
+    }
+    else {
+      return 0;
+    }
+  }
+  else {
+    return 0;
+  }
+}
\ No newline at end of file
diff -upr flag/flag.install flag_new/flag.install
--- flag/flag.install	2008-10-22 23:50:20.000000000 +0200
+++ flag_new/flag.install	2009-02-14 20:40:54.000000000 +0100
@@ -174,6 +174,12 @@ function flag_schema() {
         'not null' => TRUE,
         'default' => 0,
       ),
+      'sid' => array(
+        'type' => 'int',
+        'unsigned' => TRUE,
+        'not null' => TRUE,
+        'default' => 0,
+      ),
       'timestamp' => array(
         'type' => 'int',
         'unsigned' => TRUE,
@@ -182,10 +188,11 @@ function flag_schema() {
         'disp-size' => 11,
       )
     ),
-    'primary key' => array('fid', 'content_type', 'content_id', 'uid'),
+    # 'primary key' => array('fid', 'content_type', 'content_id', 'uid'),
+    'primary key' => array('fid', 'content_type', 'content_id', 'uid', 'sid'),
     'indexes' => array(
       'content_type_content_id' => array('content_type', 'content_id'),
-      'content_type_uid' => array('content_type', 'uid'),
+      'content_type_uid' => array('content_type', 'uid', 'sid'),
     ),
   );
 
diff -upr flag/flag.module flag_new/flag.module
--- flag/flag.module	2008-10-13 13:29:01.000000000 +0200
+++ flag_new/flag.module	2009-02-14 20:40:54.000000000 +0100
@@ -131,11 +131,6 @@ function flag_link($type, $object = NULL
   }
   global $user;
 
-  // Anonymous users can't create flags with this system.
-  if (!$user->uid) {
-    return;
-  }
-
   // Get all possible flags for this content-type.
   $flags = flag_get_flags($type);
   
@@ -198,14 +193,8 @@ function flag_form_alter(&$form, &$form_
       );
     }
   }
-  elseif (isset($form['type']) && isset($form['#node'])
-      && ($form_id == $form['type']['#value'] .'_node_form')) {
-    if (!$user->uid) {
-      return;
-    }
-
+  elseif (isset($form['type']) && isset($form['#node']) && ($form_id == $form['type']['#value'] .'_node_form')) {
     $nid = !empty($form['nid']['#value']) ? $form['nid']['#value'] : NULL;
-
     $flags = flag_get_flags('node', $form['type']['#value'], $user);
 
     // Filter out flags which need to be included on the node form.
@@ -277,7 +266,7 @@ function flag_user($op, &$edit, &$accoun
   switch ($op) {
     case 'delete':
       // Remove flags by this user.
-      db_query("DELETE FROM {flag_content} WHERE uid = %d", $account->uid);
+      db_query("DELETE FROM {flag_content} WHERE uid = %d AND sid = %d", $account->uid, flag_get_sid($account));
       break;
     case 'view';
       $flags = flag_get_flags('user');
@@ -531,14 +520,14 @@ function flag_form(&$form_state, $name, 
       '#value' => '<em>' . t('Note: You don\'t have the <a href="@token-url">Token</a> module installed. If you have it installed, and enabled, you\'ll be able to embed tokens in the six labels above.', array('@token-url' => 'http://drupal.org/project/token')) . '</em>',
     );
   }
-
+  $user_roles_available = module_exists('session_api') ? "" : 1;
   $form['roles'] = array(
     '#type' => 'checkboxes',
     '#title' => t('Roles that may use this flag'),
-    '#options' => user_roles(TRUE),
+    '#options' => user_roles($user_roles_available), 
     '#default_value' => $flag->roles,
     '#required' => TRUE,
-    '#description' => t('Checking <em>authenticated user</em> will allow all logged-in users to flag content with this flag. Anonymous users may not flag content.'),
+    '#description' => t('Checking <em>authenticated user</em> will allow all logged-in users to flag content with this flag. Anonymous users cannot be allowed to flag content if <a href="http://drupal.org/project/session_api">Session API</a> module is unavailable.'),
   );
 
   $form['global'] = array(
@@ -1038,33 +1027,32 @@ function flag_get_flags($content_type = 
  *   [nid] => [name] => Object from above.
  *
  */
-function flag_get_user_flags($content_type, $content_id = NULL, $uid = NULL, $reset = FALSE) {
+function flag_get_user_flags($content_type, $content_id = NULL, $uid = NULL, $sid = NULL, $reset = FALSE) {
   static $flagged_content;
-
   $uid = !isset($uid) ? $GLOBALS['user']->uid : $uid;
-
+  $sid = !isset($sid) ? flag_get_sid($GLOBALS['user']) : $sid;
   if (isset($content_id)) {
-    if (!isset($flagged_content[$uid][$content_type][$content_id]) || $reset) {
+    if (!isset($flagged_content[$uid][$sid][$content_type][$content_id]) || $reset) {
       $flags = flag_get_flags($content_type);
-      $flagged_content[$uid][$content_type][$content_id] = array();
-      $result = db_query("SELECT * FROM {flag_content} WHERE content_type = '%s' AND content_id = %d AND (uid = %d OR uid = 0)", $content_type, $content_id, $uid);
+      $flagged_content[$uid][$sid][$content_type][$content_id] = array();
+      $result = db_query("SELECT * FROM {flag_content} WHERE content_type = '%s' AND content_id = %d AND (uid = %d OR uid = 0) AND sid = %s", $content_type, $content_id, $uid, $sid);
       while ($flag = db_fetch_object($result)) {
-        $flagged_content[$uid][$content_type][$content_id][$flags[$flag->fid]->name] = $flag;
+        $flagged_content[$uid][$sid][$content_type][$content_id][$flags[$flag->fid]->name] = $flag;
       }
     }
-    return $flagged_content[$uid][$content_type][$content_id];
+    return $flagged_content[$uid][$sid][$content_type][$content_id];
   }
 
   else {
-    if (!isset($flagged_content[$uid]['all'][$content_type]) || $reset) {
+    if (!isset($flagged_content[$uid][$sid]['all'][$content_type]) || $reset) {
       $flags = flag_get_flags($content_type);
-      $flagged_content[$uid]['all'][$content_type] = TRUE;
-      $result = db_query("SELECT * FROM {flag_content} WHERE content_type = '%s' AND (uid = %d OR uid = 0)", $content_type, $uid);
+      $flagged_content[$uid][$sid]['all'][$content_type] = TRUE;
+      $result = db_query("SELECT * FROM {flag_content} WHERE content_type = '%s' AND (uid = %d OR uid = 0) AND sid = %s", $content_type, $uid, $sid);
       while ($flag = db_fetch_object($result)) {
-        $flagged_content[$uid][$content_type]['all'][$flags[$flag->fid]->name][$flag->content_id] = $flag;
+        $flagged_content[$uid][$sid][$content_type]['all'][$flags[$flag->fid]->name][$flag->content_id] = $flag;
       }
     }
-    return $flagged_content[$uid][$content_type]['all'];
+    return $flagged_content[$uid][$sid][$content_type]['all'];
   }
 
 }
diff -upr flag/includes/flag_handler_field_ops.inc flag_new/includes/flag_handler_field_ops.inc
--- flag/includes/flag_handler_field_ops.inc	2008-09-18 17:37:47.000000000 +0200
+++ flag_new/includes/flag_handler_field_ops.inc	2009-02-14 20:40:54.000000000 +0100
@@ -40,6 +40,7 @@ class flag_handler_field_ops extends vie
    * it's flagged.
    */
   function query() {
+    global $user;
     $parent = $this->get_parent_relationship();
     $flag = $this->get_flag();
     $info = $flag->get_views_info();
@@ -60,6 +61,11 @@ class flag_handler_field_ops extends vie
         'value' => '***CURRENT_USER***',
         'numeric' => TRUE,
       );
+      $join->extra[] = array(
+        'field' => 'sid',
+        'value' => flag_get_sid($user),
+        'numeric' => TRUE,
+      );
     }
     $flag_table = $this->query->add_table('flag_content', $parent, $join);
     $this->aliases['is_flagged'] = $this->query->add_field($flag_table, 'content_id');
diff -upr flag/includes/flag_handler_relationships.inc flag_new/includes/flag_handler_relationships.inc
--- flag/includes/flag_handler_relationships.inc	2008-10-04 02:20:35.000000000 +0200
+++ flag_new/includes/flag_handler_relationships.inc	2009-02-14 20:40:54.000000000 +0100
@@ -64,12 +64,18 @@ class flag_handler_relationship_content 
    * Called to implement a relationship in a query.
    */
   function query() {
+    global $user;
     $flag = flag_get_flag($this->options['flag']);
     $this->definition['extra'][] = array(
       'field' => 'fid',
       'value' => $flag->fid,
       'numeric' => TRUE,
     );
+    $this->definition['extra'][] = array(
+      'field' => 'sid',
+      'value' => flag_get_sid($user),
+      'numeric' => TRUE,
+    );
     if ($this->options['user_scope'] == 'current' && !$flag->global) {
       $this->definition['extra'][] = array(
         'field' => 'uid',