Ok! I think now I understand.
You are right, the UDID, of course, is not sent by the browser. I was convinced that this was due to Safari's security flaw or something like that, because testflightapp adds a unique identifier similar to the UDID, but not.
What they actually do is generate a new DeviceID (not related to the UDID). Then, to register the device, they generate a profile specially created for this DeviceID, which contains the "Payload", which registers the device at the URL that contains this DeviceID generated by testflightapp.
In this registration process, the device requests a profile to send the UDID (plus other data). This is the information the profile requests:
<array> <string>UDID</string> <string>IMEI</string> <string>ICCID</string> <string>VERSION</string> <string>PRODUCT</string> <string>MODEL</string> <string>DEVICE_NAME</string> </array>
So, when a device requests a testflightapp server to register this device, they can associate this DeviceID stored in the profile with the actual UDID of the current device. The way they show in the browser that the process is completed, and save the UDID.
But this does not complete the answer, because I have not yet decided how they really relate to this web session with the UDID, even when the session is dead and DeviceID goes into orphans. The answer seems (not confirmed, but 99% sure!) That the registration process allows you to determine which WebClip to insert into the Springboard menu. This WebClip URL contains the device UDID URL, so anytime you get to testflightapp through this WebClip, you update the session with your UDID, so it doesn't matter if the session died.
Hope my post now helps! Sorry again for the incomplete misinformed previous.