[eluser]tomdelonge[/eluser]
Normally, when you store the session in a database, there's still a cookie with an id in it. Then you use that id to look up the session row in the db.
Storing session data in a db has several advantages. First, cookies have a limit as to how much you can store in them. Encrypting sessions in cookies makes it so you can fit even less. Also, storing in the database prevents tampering (though if it's encrypted or you're checking against an IP address then there probably won't be a problem).
The only real advantage (that I can think of) for storing in a cookie instead would be to take workload off of the database.
You can also change how long sessions last and such in the config file. I think you're talking about the "time to update" variable, rather than the "time to expiration" variable.
Hope that helps...
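
The two storage models described in the post above, as an added example that is not part of the original post and is not CodeIgniter's own session code: a random id in the cookie that is looked up in a session table, next to session data carried in the cookie itself and protected against tampering with an HMAC. The `sessions` table, the `SECRET` key and all function names are assumptions of this example, and an in-memory SQLite database via PDO stands in for the real database.

```php
<?php
const SECRET = 'constructed-demo-key'; // constructed key, an assumption of this example

// Database-backed: the cookie holds only a random id; the data stays on the server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (id TEXT PRIMARY KEY, data TEXT, last_activity INTEGER)');

function db_session_create(PDO $db, array $data): string {
    $id = bin2hex(random_bytes(16)); // unguessable id, the only value sent to the browser
    $stmt = $db->prepare('INSERT INTO sessions (id, data, last_activity) VALUES (?, ?, ?)');
    $stmt->execute([$id, json_encode($data), time()]);
    return $id;
}

function db_session_load(PDO $db, string $cookie, int $ttl = 7200): ?array {
    $stmt = $db->prepare('SELECT data FROM sessions WHERE id = ? AND last_activity > ?');
    $stmt->execute([$cookie, time() - $ttl]); // expired rows are treated as missing
    $row = $stmt->fetchColumn();
    return $row === false ? null : json_decode($row, true);
}

// Cookie-backed: the data itself travels to the client, so it must be authenticated.
function cookie_session_pack(array $data): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}

function cookie_session_unpack(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET), $mac)) return null; // tampered
    return json_decode(base64_decode($payload), true);
}

$data = ['user_id' => 42, 'is_admin' => false]; // constructed sample session
$id = db_session_create($db, $data);
var_dump(db_session_load($db, $id));                       // id issued by the server
var_dump(db_session_load($db, bin2hex(random_bytes(16)))); // id the server never issued

$cookie = cookie_session_pack($data);
// Payload edited on the client while the old MAC is kept: the check rejects it.
$forged = base64_encode(json_encode(['user_id' => 42, 'is_admin' => true]))
        . '.' . explode('.', $cookie)[1];
var_dump(cookie_session_unpack($cookie));
var_dump(cookie_session_unpack($forged));
echo strlen($cookie), ' bytes in the data cookie, ', strlen($id), " bytes in the id cookie\n";
```

The HMAC here only detects modification; the session data is still readable by the client unless it is also encrypted.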