Implementing session handling as URL parameters makes no difference from a legal perspective. It will be covered by the law excatly the same as if one used cookies.
It's the tracking the law is about, not the implementation of it.
Your just picking a worse technical solution for no legal gain.
