This behavior is expected. By default, the DSID session cookie is removed from the browser after it is transferred to the client component that was launched.
If the PCS admin does not want users to see this message or does not want to have the session cookie removed then they can set the Remove Session Cookie from Browser
under Role > General > Session Options
The PCS issues an HTTP cookie to authenticate a user session (DSID
), which is shared by client components (NC/WSAM/Pulse Secure Desktop Client) and the browser. Generally, browsers do not store cookies in any secure manner; so it is relatively easy for an attacker to obtain the DSID cookie and gain access to a secure session.
When this option is enabled, the DSID cookie is removed from the browser which prevents a potential hijacker from gaining access to the session cookie through cross-site scripting, for example.
By disabling this option it may be possible for an attacker to gain access to the user session cookie if the user's machine is compromised.