I have a login screen that I force to be SSL, like this: https://www.foobar.com/login, then after they log in, they get moved to the homepage: https://www.foobar.com/dashba
First of all, do I understand correctly that the second login is using the exact same mechanism as the first (via HTTPS)?
Does the first hit on an unsecured page create a new session, in addition to the one created during login?
Check if, on first login, the cookie is not set with the Secure flag (that flag means the cookie should only be sent over a secured (HTTPS) connection).
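One way to run both checks from this answer (was the session identifier rotated at login, and does the post-login cookie carry Secure and HttpOnly) against captured Set-Cookie headers. This is an added example, not code from the original post; the cookie name JSESSIONID and the header values below are constructed for illustration, not captured from foobar.com.

```python
"""Audit Set-Cookie headers around a login for two session weaknesses:

1. the session identifier issued on the first (plain HTTP) hit survives
   login unchanged, so an attacker who learned it before login now owns
   the authenticated session (session fixation);
2. the post-login cookie lacks the Secure flag, so the browser will
   replay it over plain HTTP on the next unsecured page.

Example code added here; not from the original post. The header
samples are constructed, not captured from a real site.
"""


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into name, value and attributes.

    Attribute names are case-insensitive per RFC 6265, so they are
    lower-cased; flag attributes without a value (Secure, HttpOnly)
    map to True.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {
        "name": name.strip(),
        "value": value.strip(),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": attrs.get("samesite"),
    }


def find_cookie(set_cookie_headers, cookie_name):
    """Return the parsed cookie with the given name, or None if absent."""
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if cookie["name"] == cookie_name:
            return cookie
    return None


def audit_login(pre_login_headers, post_login_headers, session_cookie_name):
    """Compare the session cookie before and after login.

    Returns a dict with:
      rotated  - True if login issued a new session identifier
                 (None if the post-login response did not set one)
      secure   - True if the post-login cookie carries the Secure flag
      httponly - True if the post-login cookie carries HttpOnly
    """
    before = find_cookie(pre_login_headers, session_cookie_name)
    after = find_cookie(post_login_headers, session_cookie_name)
    if after is None:
        # No new cookie at login at all: the pre-login id is still in use.
        return {"rotated": None, "secure": False, "httponly": False}
    rotated = before is None or before["value"] != after["value"]
    return {"rotated": rotated, "secure": after["secure"], "httponly": after["httponly"]}


# Constructed samples (hypothetical cookie name and values).
PRE_LOGIN = ["JSESSIONID=abc123; Path=/"]
POST_LOGIN_WEAK = ["JSESSIONID=abc123; Path=/"]  # same id, no Secure
POST_LOGIN_GOOD = ["JSESSIONID=zyx987; Path=/; Secure; HttpOnly; SameSite=Lax"]


if __name__ == "__main__":
    for label, post in (("weak", POST_LOGIN_WEAK), ("good", POST_LOGIN_GOOD)):
        print(label, audit_login(PRE_LOGIN, post, "JSESSIONID"))
```

A real run would substitute the Set-Cookie headers from the first plain-HTTP response and from the response to the login POST; a `rotated` of False or None plus `secure` False is exactly the combination that lets a session id captured on the unsecured page be reused after login.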