I don't know details about your app but normally it works as follow:
When user is trying to log in to your app, app redirect him to the CAS
for authentication, the CAS then create "session" for him by
generating the cookie and redirect him back to app, app validate the
cookie against the CAS and then create own session if everything
succeed.