Session ID

This typically involves an ongoing communication in which the client requests several webpages and the server sends them back.

In such a situation, it is vital to keep track of the current state of the shopper's cart, and a session ID is one way to achieve that goal.

It is different from a user ID in that sessions are typically short-lived (they expire after a preset time of inactivity which may be minutes or hours) and may become invalid after a certain goal has been met (for example, once the buyer has finalized their order, they cannot use the same session ID to add more items).

A session ID is usually a randomly generated string to decrease the probability of obtaining a valid one by means of a brute-force search.

Many servers perform additional verification of the client, in case an attacker has obtained the session ID.
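
An added example, not part of the original article: a small in-memory session store in Python that shows random ID generation, expiry after inactivity, invalidation once the order is finalized, and an extra client check. The class and method names, the 15-minute timeout and the use of a client attribute string (such as a User-Agent value) for the extra verification are assumptions made for illustration.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before expiry (assumed value)


class SessionStore:
    """In-memory session table keyed by a random session ID (illustrative)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so expiry can be tested

    def create(self, client_hint):
        # 32 bytes from the OS CSPRNG (256 bits) makes brute-force guessing infeasible.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"cart": [], "client": client_hint,
                               "last_seen": self._clock()}
        return sid

    def get(self, sid, client_hint):
        """Return the session record, or None if unknown, expired or mismatched."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if self._clock() - rec["last_seen"] > self._idle_timeout:
            del self._sessions[sid]  # expired after inactivity
            return None
        # Additional client verification (assumed: compare a client attribute),
        # so a session ID presented by a different client is rejected.
        if not hmac.compare_digest(rec["client"].encode(), client_hint.encode()):
            return None
        rec["last_seen"] = self._clock()
        return rec

    def add_item(self, sid, client_hint, item):
        rec = self.get(sid, client_hint)
        if rec is None:
            return False
        rec["cart"].append(item)
        return True

    def checkout(self, sid, client_hint):
        """Finalize the order and invalidate the ID so it cannot be reused."""
        rec = self.get(sid, client_hint)
        if rec is None:
            return None
        del self._sessions[sid]
        return list(rec["cart"])
```
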