mTLS persistence/cache?

Hi everyone,

I have HAProxy 3.0.2 running, configured for mTLS authentication on the frontend and forwarding the client certificate through headers in the backend.
The goal of this configuration is to be able to manipulate the HTTP flow on HAProxy while still making smartcard authentication possible on the backend.

What I find weird is that if I authenticate a first time, then take the smartcard out of the reader, then re-run the authentication process, it works in mTLS, whereas without the smartcard inserted it should not anymore.

I first thought it might be due to keep-alive on the client side and changed “option http-server-close” to “option httpclose” in defaults. However, it is still the same.

Any idea which direction to search in?

I didn’t specify this, but I’m actually pretty sure this is due to HAProxy, because if I restart it, I’m no longer able to log in, as the smartcard reader asks me for the PIN.

Could nobody point me in a possible right direction?