When is the Authentication cookie deleted from GlobalProtect app?
19780
Created On 10/25/21 04:42 AM - Last Modified 07/14/23 21:05 PM
Question
When is the Authentication cookie deleted from GlobalProtect app?
Environment
- Palo Alto Firewalls
- PAN-OS, 9.1, 10.1, 10.2
- GlobalProtect Portal / Gateway
- Authentication Cookie
Answer
- The Authentication Cookie is cleared when the user clicks on "Sign Out" button on the GlobalProtect App.
- Irrespective of the cookie lifetime, the authentication cookie is cleared.
- SAML session cookies are also cleared during the sign out.
- The purpose of "Sign Out" is to clear the user credentials which includes clearing authentication and SAML session cookies.
GP APP 5.x version (GP App > Settings)
GP APP 6.x version
Note: This can be seen in the PanGPA.log.
(P2892-T17000)Debug( 573): xxx CPanSAMLView::ClearCookies - all internet files deleted include cookies.
(P2892-T17000)Debug( 674): xxx CPanSAMLDlg::ClearCookies - cookies cleared:
(P2892-T17000)Debug(1113): xxx CPanGPApp::HandleSamlClearCookies - remove the saml cookies.
(P2892-T17000)Debug( 205): xxx CPanSettingsGenneral::OnBnClickedSgSignoutBtn - SMAL cookies cleared.
(P2892-T17000)Debug( 222): xxx CPanClientAuth::HandleUserSignout.Additional Information
- When the user logs out or reboots the system, the authentication cookie is still retained.
- Cookie Authentication on the Portal or Gateway