Can URLs be sniffed when using SSL?
HTTPS uses TLS, which is Transport Layer Security. HTTP as a protocol, runs above the transport layer. This means that all of the communication made by HTTPS, including the URL is protected.
Passing the session id in the URL is insecure for other reasons. For example it exposes the possibility of Session Fixation. The Session ID written to paper if a user prints a webpage. It also defeats the use of HTTPOnly cookies... This is just a bad idea and its likely that this bank has made other poor choices in regards to security.
No, the URL is not passed in plain text when making an HTTPS request but as Rook stated, there are other vulnerabilities in passing session id in the URL.
1. One of them is that your sessions ID will be listed as the referrer url. So if you click a link from your banks website to another website, the linked site will now log your session id. The same will happen with any images or scripts loaded.
2. On top of the problem with the linked site storing the information, if the link is to a non-https site, then that referrer url containing your session id will be sent in plain text allowing anyone sniffing the network to get the URL.