See if you can make use of the Code-Security. ApplicationProfileSetup activity to include condition-based steps to create cases. This get's invoked right after the authentication while setting up a user profile.
I am unsure how to read cookie values in this scenario as the HttpServletRequest object won't be available out of authentication activity.
But if you have a custom authentication activity get the cookie values initially from HttpServletRequest object (java step) and store it on a temp top-level page on clipboard. After authentication, retrieve cookie values from the temp page and set to other property used(passed) for case creation.
Get & Store the cookie values in unauthenticated activities and Perform the case creation action in authenticated activities like ApplicationProfileSetup.
Thanks for reply Harish. I considered that - the only problem with Node Level Data Page is that the cookies are specific to users, and users are guest here. So size of data page can grow to a large no. and then problem of concurrent updates on page can lead to locks. And the real risk is if the JVM is restarted or crashed for some reason, all the values will be lost. Suggestions?
I suggested getting cookie values if you have a custom authentication activity and store it on the clipboard page. The clipboard in unique to the browser user before after authentication and later clipboard values can be reused for case creation.