3.2.5.1 Responding to a Connect or Bind Request Type Request
The server issues a response, as specified in section 2.2.2.2, to a Connect or Bind request type request. The server creates a new Session Context and associates it with a session context cookie. If successful, the server's response includes the Connect request type success response body, as specified in section 2.2.4.1.2, or the Bind request type success response body, as specified in section 2.2.5.1.2; if unsuccessful, the server's response includes the Connect request type failure response body, as specified in section 2.2.4.1.3, or the or Bind request type failure response body, as specified in section 2.2.5.1.3.
The server MUST return the cookie that represents the Session Context as the value of the Set-Cookie header field, as specified in section 2.2.3.2.3. The names of the cookies are implementation- specific.
The server MUST store the authentication context with the newly created Session Context. The server then MUST validate the authentication context on subsequent requests against the Session Context. If the authentication context differs, the server MUST fail the request with a value of 10 ("Context Not Found" error) in the X-ResponseCode header. For details about the X-ResponseCode header, see section 2.2.3.3.3.
The server MUST insure that the client issues only one request at a time within a Session Context. If the server detects that the client has issued simultaneous requests within a Session Context, the server MUST fail every subsequent request with a value of 15 ("Invalid Sequence" error) in the X-ResponseCode header.