It uses something like below.
- Whatsapp web application is opened by user via web browser.
- Server creates a UNIQUE token (number) and embeds that number in QR-Code
- Whatsapp phone application reads QR-Code and decodes token.
- Whatsapp phone application sends information about its current user and this newly read token to whatsapp server.
- Whatsapp server matches token (+ phone app user information) with web browser.
- It automatically authenticates user and open new web page with his/her information on it.