
Is the OpenCart token in the URL the session id?


In OpenCart I see that URLs look like this:

https://www.example.com/admin/index.php?route=common/dashboard&token=Ger45ZJMsdfSSDggHfghI4wcQzbD

Is this token my session id? If yes, is it secure to pass the session id in the URL (with or without SSL)?


Solution

  • No, the token parameter is not the session id.

    The token parameter is assigned as a session variable by admin/controller/common/login.php when you log in (varies depending on version):

    $this->session->data['token'] = md5(mt_rand());
    

    To get the session id you can call:

    $this->session->getId();
    

    Which is defined in system/library/session.php. You can clearly see they are two different things.
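
An added sketch of the relationship the answer describes (not OpenCart's code; the function names are hypothetical, and it uses random_bytes() and hash_equals() instead of the md5(mt_rand()) line quoted above). The token is a value stored in the session's data and compared with the `token` URL parameter, while the session id is a separate value that PHP carries in the session cookie.

```php
<?php
// Added example, not OpenCart code. Function names are hypothetical.

// Run once after a successful login: bind a fresh random token to the session.
function issue_admin_token(): string
{
    // 16 random bytes -> 32 hex characters, stored in the session's data.
    $_SESSION['token'] = bin2hex(random_bytes(16));
    return $_SESSION['token'];
}

// Run on every admin request: the URL token must equal the session's copy.
function token_is_valid(array $query): bool
{
    return isset($_SESSION['token'], $query['token'])
        && is_string($query['token'])
        && hash_equals($_SESSION['token'], $query['token']);
}

session_start();               // creates the session; its id travels in the cookie
$token = issue_admin_token();  // what would appear as &token=... in admin URLs
$sid   = session_id();         // the actual session id, never placed in the URL here

// Constructed sample query strings, already parsed into arrays.
$withToken    = ['route' => 'common/dashboard', 'token' => $token];
$withoutToken = ['route' => 'common/dashboard'];
$sidAsToken   = ['route' => 'common/dashboard', 'token' => $sid];

var_dump(
    $token !== $sid,               // token and session id are different values
    token_is_valid($withToken),    // matching token is accepted
    token_is_valid($withoutToken), // request without a token is rejected
    token_is_valid($sidAsToken)    // the session id is not a valid token
);
```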