Sessions are created during the login process and stored in memory on the server as well as the browser cookie. The session ID expires after the logout link is clicked, the browser closes, or no activity after the session timeout setting in General Settings which can be found in Organization Settings.
The session ID is not passed on within the URL.
Note: Cookies are required to log in; if they are disabled, you are not able to log in.