topic GlobalProtect authentication behaviour when Encrypt/Decrypt cookie for authentication override expires in GlobalProtect Discussions https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-authentication-behaviour-when-encrypt-decrypt/m-p/553070#M4284 <P>Hello.</P> <P>&nbsp;</P> <P>I am looking for some enlightenment as to what happens or should happen when the certificate used to encrypt/decrypt the authentication cookie presented by the GP Portal expires.</P> <P>&nbsp;</P> <P>My assumption based on real world experience shows users are still presented with the cookie using the expired cert regardless.&nbsp; &nbsp;It would be interesting to see what I can glean from logs if anyone has any technical input as to how to achieve that.&nbsp; Given that the cookie is still presented suggests from a security perspective that the use of a certificate is redundant if it offers no block to service once expired.</P> <P>&nbsp;</P> <P>Appreciate any advise and assistance.</P> <P>&nbsp;</P> <P>Regards</P> Wed, 09 Aug 2023 10:45:51 GMT GrantCampbell4 2023-08-09T10:45:51Z GlobalProtect authentication behaviour when Encrypt/Decrypt cookie for authentication override expires https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-authentication-behaviour-when-encrypt-decrypt/m-p/553070#M4284 <P>Hello.</P> <P>&nbsp;</P> <P>I am looking for some enlightenment as to what happens or should happen when the certificate used to encrypt/decrypt the authentication cookie presented by the GP Portal expires.</P> <P>&nbsp;</P> <P>My assumption based on real world experience shows users are still presented with the cookie using the expired cert regardless.&nbsp; &nbsp;It would be interesting to see what I can glean from logs if anyone has any technical input as to how to achieve that.&nbsp; Given that the cookie is still presented suggests from a security perspective that the use of a certificate is redundant if it offers no block to service once expired.</P> <P>&nbsp;</P> <P>Appreciate any advise and assistance.</P> <P>&nbsp;</P> <P>Regards</P> Wed, 09 Aug 2023 10:45:51 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/globalprotect-authentication-behaviour-when-encrypt-decrypt/m-p/553070#M4284 GrantCampbell4 2023-08-09T10:45:51Z