Its not best practice to store session details in URL, this can be compromised easily. Maybe try this, take the same URL with session id and launch it in incognito. If it still works, that means the service.com has a lot of security gaps to fill in. Otherwise, they might be storing it in cookies if its not accessible.
ttoinou|9 months ago