The web browser sends the cookie to IAM with every following request until the cookie expires (usually days or months).
IAM verifies the cookie and automatically authenticates the user if the remember-me cookie is still valid.
Important Notice
Remember-me cookies are only verified by the /check-login URL of the Airlock IAM Loginapp.
Please ensure that the "denied access URL" in the Airlock Gateway (WAF) mapping is pointing to this URL (and not to /login).