When a user accesses AFS v7 reply pages with a web browser (which means that the serviceURI is displayed in the browser location field), the search session mechanism operates automatically and seamlessly — unless the browser is configured to deny cookies from the search domain.
In some complex setups, the AFS search service is not directly accessible to the user: A project-specific front end such as a web portal (on a P domain) may act as a gateway between the user and AFS v7 serviceURI (on an S domain). Queries are not sent directly by the user's browser to AFS but rather by the web portal in-between them.
Web security and privacy mechanisms prevent the portal, on domain P, from accessing cookies originating from AFS, on domain S. The portal cannot transparently proxy the value of the sessionId from the browser to the AFS v7 front end. It is the responsibility of the developer or integrator of the portal to copy AFS v7 cookies from domain S to its own domain P so that the user can receive the cookie in the browser; and conversely to copy the cookie value from domain P to domain S at query time. Otherwise, the afs:sessionId and afs:userId parameters must be set with the value found in the reply feed.