Please explain the flow of how the SMSESSION cookie is validated for a non-persistent session including the Agent cache.
When the Agent receives the SMSESSION cookie, it extracts the Session ID and the Session Spec, and it checks them against the values stored in the User Session Cache.
If the Agent cache doesn’t contain corresponding entry, the Agent uses the Validate() call to pass the Session ID and the Session Spec to the Policy Server for validation.
If the validation succeeds, the Policy Server returns the updated Session Spec to the Agent. The Session ID is not modified in the course of validation.