From the point of view of the user, the CAE seems to be a second source for WCS cookies as follows: A user requests a landing page from the CAE. Part of this page is a login link. The login will be again handled by the CAE. But to authenticate the user the CAE delegates to the WCS (call 3 in the figure). That is a store front call and WCS creates the usual WCS cookies as result of a successful authentication. The CAE receives them and copies them to the original HTTP response that is sent back to the user.
The next figure shows the copy process in the top right corner. Moreover, you can see that any WCS cookies, that were sent to the CAE will be copied to any back-end call to the WCS.