Actually it can use both. You can have WWWThreads use sessions, but initially recognize you via a cookie. You have to change a setting in the php.ini file though, else the cookie is either not set or just expires too quick (I honestly don't know which...same thing though).
That way, for paranoid people they can still get in and use sessions (just block all cookies from your site). For all others, they don't have to login each time if they don't want to.