Creating an access token for a session and putting it as a query parameter named access_token in the URL of the session will give access to the session to anyone who has the URL.

http://app.sessionstack.com/player/#/sessions/5832ce33c93f8e1d665f15e6?access_token=779aef3287e54966b4f15e214761e12f

This would load a session with Id equal to 5832ce33c93f8e1d665f15e6 even if you don't have access to iy.