3.2.5.1.2.3 Cookie Data
The server MUST maintain a configuration setting for the cookie path to use for [RFC2965] session cookies. This cookie path MUST be included in the response as the CookiePath element.
The server MUST maintain a configuration setting for whether to issue a cookie caching the web browser requestor's security realm selection. If the selection MUST be cached, then the server MUST include a value of FALSE in the response in the SuppressRealmCookie element. If the selection is not cached, then the server MUST include a value of TRUE in the response in the SuppressRealmCookie element.
The server MUST maintain a configuration setting for how long a web browser requestor's security realm selection is to be cached in a cookie. This realm cookie lifetime MUST be included in the response as the RealmCookieLifetime element.