the session id can be passed either in the url or via a cookie. There is no difference between the two methods with regards to the session functionality.

there are other issues to consider, such as session hijacking, which may influence which method you use