3.1.5.7 Processing Token Response Messages

The client MUST respond by sending a First Authenticated Request message to the URL indicated by the ru parameter (typically the original partner server's URL) and setting Sent First Authenticated Request to TRUE. Its from-PP value MUST be set to the value of the from-PP value in the just-received Token Response message. The tname parameter values, if present, are strictly informational and MAY be ignored. However, the Passport Cookies, set on the client by the authentication server as part of the accompanying HTTP response, MUST be passed to the authentication server (as specified in [RFC2109]) every time an HTTP request is issued to that server until they are deleted, either by user action or in response to an Authentication Server Logout message (see section 3.1.5.5).<9>