AlchemyWorks use three types of cookie;
Session Cookies - Consisting only of a random data string with no other embedded data. Used to maintain a session context after successful login, these are normally deleted when the browser session ends, however if a user requests to stay logged in, then this will persist.
Profile Cookies - Contain the user ID and domain name to facilitate login. This is only created if the "Remember Me" box is checked at login stage, and will be removed once this is unchecked. No password information is stored, but this should not be enabled on shared or public computers.
Authentication Key - If users are configured to require two factor authentication then a data key will be stored on a device, verified by an emailed one time use code. Login subsequently requires both a password and this data key to be present.