I had been using the cookie-based session until recently, then
switched to using active_record_store (db) as it said:
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
in the session_store.rb file.
Everything works fine, but I don't really understand why it's still
setting a cookie instead of just using the session db. Is that a
normal behavior when using a database for session management?