CA API Gateway and CA Siteminder have been integrated, and some of the services protected by CA Siteminder have been published on the Gateway (serviceA). Some of the services have not been published (serviceB).
When accessing serviceA, a SMSESSION cookie gets written. On accessing serviceB this SMSESSION cookie doesn't get reused, instead the user needs to re-authenticate.
When first accessing serviceB and then serviceA the SMSESSION cookie gets reused and there is no need for re-authentication.