It would then be a trivial event to go to a suspect's computer and look through the web cache for that token. Get a hit and you've bagged your man.
They didn't have a suspect, so it wasn't so trivial.
Assuming the map was fairly unsual, and assuming Expedia keeps logs long enough, and assuming his IP was clear and informative, then this isn't too remarkable. In the absence of any one of those things, it's more interesting.