You are being the victim of a session fixation attack. I wrote an article about this. The attacker has created a session on the yahoo server, and, if the server has the "proper" session management system, will be able to use your active session if you login, as he will only be required to visit the site while giving the same session ID in the url arguments, as he gave you in the email link.

Avoid giving any personal information to a site, when the URL to that site was given to you by third parties and contains an obvious session id or weird complex URL arguments.