Well yes, but that's intended ?
The Session in the URL is a fallback if the cookie cannot be read/set properly. If you then copy the session to a new window/browser you of course keep the session.
What would you guys expect?
If you want a completly new button you need to modify files. If you "only" want to extend an existing button, you can do it via sysconfig.