I agree that you should do what you can to prevent session ids in the URL.
From my own experience, a couple years ago (when we had session ids in the url) I would sit and watch live log files and see Google (and other search engines) indexing the same pages over and over... Though I can't be 100% positive - it seemed like Google saw that I had A LOT of duplicate content on my site.
Regarding passing PR - well, Google doesn't pass PR the same to duplicate pages as it does the original page it found. See the problem? How do you know what page it gave the PR too? Most likely a URL with a session id in it....
Example: Lets say your main page has a PR5 - in a happy world you may like to see "www.domain.com/pageA.html" with a PR4 (or PR5) - but with session ids in place - Google may never see "www.domain.com/pageA.html" - it sees:
Which page got the PR? Who knows.
What I ended up doing is writing some PHP to detect bots and turn sessions off it was a bot - so there was no chance of a session id being appended to the URL. By doing so I noticed PR being shared throughout our pages A LOT better than before.
I hope that helps in some way. You never know with Google though, someone could have a completely different experience than mine. Google may handle session ids differently now. But, I still think it would be wise to make sure those Session ids from your URLs - There are other bots out there to consider that may not take so kindly to session ids.