Instead of passing session tokens via URLs, use cookies. Cookies will persist during the periods your users are looking at .html pages.