Can my software application maintain state when switching from normal HTTP (non-secure) protocol to HTTPS (secure) protocol?
When you change from non-secure (HTTP) to secure protocol (HTTPS), any cookies or client variables you are using with one protocol will not be recognized from one state to the next. This is true since the web server views activity under each different protocol as completely different user sessions, so it does not maintain variable state between the two different protocols. This is true whether or not you use a shared or dedicated SSL certificate. Because of this, it is best to use HTTP protocol for most user activity, and only switch to HTTPS protocol for sensitive data gathering, and then after receiving the data, provide a deliberate and compelling hyperlink that takes the user back into HTTP protocol.
For example, to go into secure mode, you would provide a hyperlink like:
and after checking out, the user would be presented with a hyperlink like: