When you use forms authetication, an authentication token is required to identify the returning user so that his session information can be provided to him.
If we use cookies then this information will be put in form of cookie in the users browser. If we use cookieless then this information will be stored in the Users URL. I am not aware of any third behavior.
When we use cookieless i.e. when this information is stored in the URL the cookies are not required to be enabled on client side. So even the users with disabled cookies will be able to access session information.
Please refer to these 2 articles for more details on forms authentication and sessions.
Understanding Session Management Techniques in ASP.NET[
^]
Understanding and Implementing ASP.NET Custom Forms Authentication[
^]