Requestor IP/STS Security Realm Discovery

As specified in Relying Party Web Browser Requestor Sessions List (section, resource IP/STS MAY store a session identifier for the web browser requestor in an HTTP session cookie (for more information, see [RFC2965]). It SHOULD use this identifier and its Inbound Sessions List to look up the correct requestor IP/STS.<79>