or, in more detail:

	User/Browser's action	Web Server's action	Cookie Server's action
1	Request COW hotlist, or any secure resource.
2		Receives request, and if request requires authentication, asks cookie server if user is already authenticated.
3a			If user is not authenticated, returns that to web server.
4a		If user is not authenticated, generates login page for the user. This includes an unauthenticated authorization cookie.
5a	Sees login page, and enters uniqname and Kerberos password into secure web page, sending that information to the web servers.
6a		Receives login information, and checks user's password for validity. If the password is correct, it registers the authorization cookie with the cookie server.
7a			Receives registration of cookie, and stores cookie, with a four hour expiration time, in a database. The cookie is stored with the IP number of the host that the user is using, and the uniqname of the user. At no time is the password stored on the server.
8a		Redirects user's browser to the resource the user originally wanted.
9a	Gets redirection, and again requests the original, secure resource.
2		Receives request, and asks cookie server if user is already authenticated.
3b			If user is authenticated, returns that to the web server.
4b		Checks to see if resource requires further authorization, and if it does, requests that information from the cookie server.
5b			If user is authorized, returns that to the web server.
6b		If the user is authenticated and authorized, provides user with the resource, whether it's a web page, a conference in Conferencing On the Web, or a ballot to vote for student government elections. If user is authenticated but not authorized, returns a "Forbidden" web page.
10	Finally sees requested resource.