I'm not seeing it. Is it possible you're using a computer that already has a session cookie from someone else accessing the same site? Mojolicious is pretty good about not leaking, and no data is actually stored anywhere on the server.
Unfortunately I've learned that dotCloud will be abandoning their "sandboxes are free" policy. I don't think there's any viable business model there, so it might disappear when they pull the plug on sandbox apps. ...or I could move it to heroku, but then spreading the word on the change is difficult.