diff --git a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
index 4b6fe8e8e..b1d41b3ed 100644
--- a/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
+++ b/dotnet/src/dotnetcore/GxNetCoreStartup/Startup.cs
@@ -22,6 +22,7 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Features;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.ApplicationModels;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
@@ -259,7 +260,10 @@ public void ConfigureServices(IServiceCollection services)
 {
 options.IdleTimeout = TimeSpan.FromMinutes(Preferences.SessionTimeout);
 options.Cookie.HttpOnly = true;
- options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
+ if (Preferences.HttpProtocolSecure())
+ options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
+ else
+ options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest;
 options.Cookie.IsEssential = true;
 string sessionCookieName = GxWebSession.GetSessionCookieName(VirtualPath);
 if (!string.IsNullOrEmpty(sessionCookieName))
@@ -562,6 +566,10 @@ public void Configure(IApplicationBuilder app, Microsoft.AspNetCore.Hosting.IHos
 provider.Mappings[mapping.Key] = mapping.Value;
 }
 }
+ app.UseForwardedHeaders(new ForwardedHeadersOptions
+ {
+ ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor
+ });
 if (GXUtil.CompressResponse())
 {
 app.UseResponseCompression();
diff --git a/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs b/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs
index c555ea02b..90c73178d 100644
--- a/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs
+++ b/dotnet/src/dotnetframework/GxClasses/Middleware/GXHttpModules.cs
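Review bot: In Startup.cs ConfigureServices, the new `if`/`else` around `options.Cookie.SecurePolicy` has no braces and no comment saying why the preference overrides the request scheme. A single assignment reads more clearly: `options.Cookie.SecurePolicy = Preferences.HttpProtocolSecure() ? CookieSecurePolicy.Always : CookieSecurePolicy.SameAsRequest;`, with a comment such as `// TLS is presumably terminated upstream, so the request scheme alone cannot decide the Secure attribute`. With `Always`, the browser does not return the session cookie over plain HTTP, so any HTTP-only access path would start a new session on each request; that trade-off belongs in the comment too. The enclosing options lambda starts and ends outside the hunk.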
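Review bot: In Startup.cs Configure, the `ForwardedHeadersOptions` sets only `ForwardedHeaders`, so `KnownProxies` and `KnownNetworks` keep their defaults, which accept forwarded headers from loopback only. Behind a proxy or load balancer on another host, `X-Forwarded-Proto` and `X-Forwarded-For` would be ignored, so the `SameAsRequest` branch in ConfigureServices would still see plain HTTP. Populate the trusted proxy list from configuration, e.g. `fwdOptions.KnownProxies.Add(IPAddress.Parse(proxyAddressFromConfig));` (placeholder names), rather than clearing the lists, because an empty list lets any client choose the scheme and remote address the application sees. The call also sits partway through Configure, whose start is outside the hunk; if any middleware registered earlier reads the scheme or remote IP it gets the unforwarded values, so registering this first is safer.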
@@ -241,7 +241,7 @@ public void Init(HttpApplication app)
 private void Session_Start(object sender, EventArgs e)
 {
- if (App.Request.GetIsSecureFrontEnd() || App.Request.GetIsSecureConnection() == 1)
+ if (App.Request.GetIsSecureFrontEnd() || App.Request.GetIsSecureConnection() == 1 || Preferences.HttpProtocolSecure())
 {
 HttpCookie sessionCookie = RetrieveResponseCookie(App.Response, cookieName);