The average person (who makes use of the internet) has probably tried sharing a link with someone, at times when we copy and paste links it all looks like gibberish, there is however a pattern to every link, there is also a reason why you can share a link to someone and what the person will see after clicking that link will be vastly different from what you'll see using that link.
When you accept cookies on some website they create a unique identifier for you (based on what you're doing on the platform) that works with a "session" to enable you to enjoy seamless use of your favorite platforms. It's why you don't have to login every time you open some sites, you'd be signed in straight away because the browser recognizes you and helps the site you access to remember you. This is related to why YouTube can sometimes remember the exact point you stopped watching a video and when you return, you immediately pick up where you left off even when you may have forgotten where you stopped.
The session you're operating on a platform can also be terminated which is why after a period of time you're required to login in order to create a new session that the browser and the platform you're using can use to record your activities. There's a concept known as Model View Controller (MVC) that also dictates what you can see and do on a platform. If a person shares you the link to the admin login of a website you use, you most likely won't be able to open that particular page, you'll be redirected. This helps in authentication and authorization issues. To bring it closer to home, let's look at this post for example. You the view are not authorized to do more than like and comment on the post. I can like, comment, or delete my post (because there's a special authorization I enjoy as the creator of the post), If I sign into Hashnode with another account, Hashnode won't recognize me as the creator of this post, I'll be just like you. I also believe that the administrators of Hashnode also have more authorization, they can do all that I as the creator of the post can do, they can also delete my account, ban me or do some other things. These layers of responsibility help create a separation of power which is made possible by authentication and authorization features built into MVC when it is properly implemented.
A session, cookie, or token is usually unreadable (because they're random characters) strings of characters that are not just unique to a user, but also unique to the browser, the activities, time, and place of the client accessing the platform. On Twitter, for example, there are posts or videos that aren't available outside of a particular country. All of these features built into the web are what enable us to be able to regulate the use of the internet in order to provide security, improve performance, ensure privacy and overall grow the quality of the internet and not just the user experience.