Vulnerability Development mailing list archives

using stolen aspsession ids


From: John Allen Scimone <jscimone () cc gatech edu>
Date: Tue, 2 Oct 2001 15:43:13 -0400 (EDT)

I have recently been testing a new dynamic website that my company is
coding and found multiple areas vulnerable to cross site scripting.  I
wrote code to retrieve someone's document.cookie with their ASPSESSIONID;
however, I am not quite sure how I can use that to then hijack their
session.  If this is not possible then I am not going to take the time to
fix the cross site scripting problems.  The reason I think it might not be
possible is because the site uses a single asp file and sends a generated
random id # as the querystring, which is then referenced by our database
to get the corresponding real query string.  Wouldn't I need to connect to
the server with a cookie: ASPSESSIONIDxxx=xxxxxxx to webpath/script.asp?xxxxx
and know that id after the question mark?  This wouldn't be possible just
having the cookie, I don't think.

Also, what other possibilities are there to exploit the cross site
scripting hole?  For example, if there was an error page that only the user
submitting the false url can see, then what damage could be done?

If anyone can post common ways to exploit both cross site scripting holes
where other users run your code, and also ones where only you load the page
with your code, that would be appreciated.
Thanks.

                        -John Allen Scimone (jscimone () cc gatech edu)

