I originally posted this as a
bug, but got reprimanded for that, so i'm reposting it here.
"The error appears to be occurring here: Orchard\Mvc\AntiForgery\AntiForgeryAuthorizationFilter.cs:line 39 which looks like this:
if (filterContext.HttpContext is HackHttpContext)
not really sure why that would be throwing an error, but any extra insight would be helpful.
Also, I've spent some time googling AntiForgeryExceptions and most of the common bugs don't seem to apply here. At least from what I could see.
I've already double-checked that the machine key is static and is defined in the web.config and is the same on both of the load balanced production servers.
I can't seem to duplicate this bug in a test environment but it happens at least once a day on the production site when creating or editing content in the Admin."
"Switching admin users over to https has helped, but not completely alleviated the problem. This feels like a cache related issue, but the admin isn't cached."