This article is to detail the differences between being authenticated "from cache" and "by Policy Server".
A request is received by an Agent for a protected resource and there is no valid SMSESSION then the client must be challenged to authenticate.
This is when a user's session is newly generated from actual Authentication performed by Policy Server by validating the user submitted credentials.
Request is sent to Policy Server and upon successful authentication the client gets SMSESSION(gets a sessionid) cookie and the processing agent will register this session information in its SessionCache.
This is where the agent trace log will report "is authenticated by Policy Server".
In the subsequent request if it comes with a valid SMSESSION and if that sessionid is found in the SessionCache then the agent does not need to make IsAuthenticated call to the Policy Server(which contains this same sessionid where it is registered in the SessionCache) and agent trace log will report "is authenticated from cache".