Can a session token be generated in pure HTTP?

I believe the answer to my question is currently “no” because according to this post parameters are not accepted in the url - only in the headers. Can someone correct me if I am mistaken?