it uses standard rails sessions, and an optional remember_me cookie if
you want. Rails sessions are kept on the client side through another
cookie, usually __session_id or something.
Why not visit your app and view what cookies it's using in your web
browser? Firefox has a decent cookie/privacy section.