ok.

This is delegated authentication and passwords are not given in Cache, but this is good to know. 

Working with Angularb4 etc, Cache serve, json/rest services and especially session handling with different browsers. We make apps for hospitals and the authentication is important, and other security like autologout after certain timeout etc. Now we have big problems, because %session will change the user to other on same browser, but keeping licence id. How to code app, if you don't keep the session. Different CSP app for login, and then transfering securetoken given by Cache server in every request from client?

This seems to be strange. Works when working on Windows laptop with GC or FF, not IE, not on Android tablet with GC, on mobile phone with Safari.