UTM parameters can be identifying but not generally considered private - rather the opposite - so while you can link your cookie to UTM parameters and join with other UTM-keyed traffic data for useful results, you can't do the inverse and use knowledge of UTM parameters as sufficient proof to recover a session cookie.