Agreed its not perfect. Note that it requires sessionID to be present in each URL request - it won't work if you go directly to site which will not recognise you. In order for 2 people on the same IP (corporate proxy) to see the same content that require authentication both people will need to have the same correct cryptographically strong sessionID, so user A will have to share it with user B, or user B will have to obtain it using some other means (that can allow to obtain other authentication info as well).
As I said - not perfect, not acceptable for high security situations (like online banking), but certainly a substitute for cookies in some scenarios (mobile browsers not supporting cookies?!?). I certainly do not advocate it, merely commenting about alleged "technical impossibility".