it uses standard rails sessions, and an optional remember_me cookie if you want. Rails sessions are kept on the client side through another cookie, usually __session_id or something.
Why not visit your app and view what cookies it's using in your web browser? Firefox has a decent cookie/privacy section.