If you have session Id, then you could login to Salesforce directly using below URL hack :
on above URL, you have to replace [instance] by actual salesforce instance name and [sessionId] by actual sessionId of user.
In same way, we can directly login to portals or communities using below URL hack
I tried to see, how can we login to Salesforce after Lightning design is enabled in Salesforce and found that below URL hack actually works, assuming we want to open Opportunity record after successful login. If you don’t want to redirect on any existing lightning page or record then you can simply ignore URL part after [SessionId]
Note : You have to be very careful while using SessionId, If its publicly available then anyone can have access to your Salesforce Org.