Hi smacdonald2008 - yes we have login page where user enters credentials and after authentication login-token cookie is set, issue is that if token has been expired in AEM and user requests page with cookie set in browser it returns 403 even for public pages like homepage and login page.Thanks,Faiz...