We use Stunnel (to strip out SSL) and HAProxy on our Load Balancer –

Question

0

Asked: May 23, 20262026-05-23T07:03:27+00:00 2026-05-23T07:03:27+00:00

We use Stunnel (to strip out SSL) and HAProxy on our Load Balancer –

0

We use Stunnel (to strip out SSL) and HAProxy on our Load Balancer – which then sends on requests to IIS via HTTP.

The problem we have is we want our sites (ASP.NET) to set cookies in a secure fashion – i.e. by setting the requireSSL attribute to true.

When we set this attribute and make a HTTPS request to the site, we get this error:

The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.

Is it possible to trust the webserver if the the request is coming over SSL from the load balancer? Or is this a non-problem as it is ONLY possible to access our site via SSL (only 443 is open)?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T07:03:28+00:00

Editorial Team

2026-05-23T07:03:28+00:00Added an answer on May 23, 2026 at 7:03 am

Instead of this:

FormsAuthentication.SetAuthCookie(email, false);

try this:

var cookie = FormsAuthentication.GetAuthCookie(email, false);
cookie.Secure = true;
HttpContext.Current.Response.Cookies.Add(cookie);

If you are using ASP.NET MVC, you could also use a global action filter which sets the secure flag on all cookies in the response

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

We use Stunnel (to strip out SSL) and HAProxy on our Load Balancer –

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply