Abstract : In the context of deductive program veri cation, both the speci fication and the code evolve as the veri fication process carries on. For instance, a loop invariant gets strengthened when additional properties are added to the specifi cation. This causes all the related proof obligations to change; thus previous user verifi cations become invalid. Yet it is often the case that most of previous proof attempts (goal trans- formations, calls to interactive or automated provers) are still directly applicable or are easy to adjust. In this paper, we describe a technique to maintain a proof session against modifi cation of verifi cation conditions. This technique is implemented in the Why3 platform. It was successfully used in developing more than a hundred verifi ed programs and in keeping them up to date along the evolution of Why3 and its standard library. It also helps out with changes in the environment, e.g. prover upgrades.