Dunno how important it is, but thought you'd like to know. I have XML sitemap installed on Drupal 7.28. XML sitemap custom, engines, node and taxonomy modules are enabled, internationalization, menu and user modules are disabled. I got this warning logged when someone with IP 5.255.253.74 (seems to be an image bot belonging to the search engine Yandex) accessed my site's sitemap.xml:
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /sites/all/modules/xmlsitemap/xmlsitemap.pages.inc:118) in drupal_session_start() (line 287 in /includes/session.inc).
I tried to reproduce it by deleting cookies and going to sitemap.xml but had no luck. Maybe you'll eventually find a related issue or something and will be able to fix whatever caused this warning to appear.
Update: Got the same error with Google bot and Google bot simulator. So it's no random fluke but a full-blown reproducible bug. I'm increasing the priority from minor to normal. Please see what you can do about it.