Session lost when switching from HTTP to HTTPS in

Posted 2019-01-01 10:46

When sending the user to a checkout page, they are switched from http://sitename.com to https://sitename.com.

As a result, $_SESSION variables are lost.

The site has a valid SSL certificate which may or may not be of some use.

15 answers
残风、尘缘若梦
#2 · 2019-01-01 11:20

I have got a solution for this. Try it.

<?php
session_start();
$_SESSION['test'] = 'test';
session_regenerate_id(true);

header("Location: /"); // the header must be sent before session close
session_write_close(); // here you could also use exit();
何处买醉
#3 · 2019-01-01 11:21

Don't worry, this is normal behavior, because HTTPS is meant to be secure and it is doing its part.

Below are some tricks through which you can maintain the session while switching from HTTP to HTTPS.

  1. Transmit session ID between pages using GET

  2. POST session ID by POST

  3. Use files to save sessions

  4. Use cookies for sessions

  5. Use a database to save sessions

Hope you will get something through my reply.

其实,你不懂
#4 · 2019-01-01 11:22

You can manage the session from HTTP to HTTPS or HTTPS to HTTP:

  1. Transmit session ID between pages using GET

  2. POST session ID by POST

  3. Use files to save sessions

  4. Use cookies for sessions

  5. Use a database to save sessions

The example below can be used to transmit using GET:

File: http.php

<?php
// Start (or resume) the session and read its ID
session_start();
$sessionID = session_id();

$_SESSION['demo'] = 'Demo session between HTTP HTTPS';

// Pass the session ID to the HTTPS page as a GET parameter
echo '<a href="https://www.svnlabs.com/https.php?session=' . $sessionID . '">Demo session from HTTP to HTTPS</a>';
?>

File: https.php

<?php
// Take the session ID from the query string and resume that session
$sessionID = $_GET['session'];
session_id($sessionID);
session_start();

if (!empty($_SESSION['demo'])) {
    echo $_SESSION['demo'];
} else {
    echo 'Demo session failed';
}
?>

IE7: This page contains both secure and nonsecure items

You have to use relative paths for all static resources on the page, like CSS, JS, images, Flash etc., to avoid the IE "secure and nonsecure items" message.


还给你的自由
#5 · 2019-01-01 11:23

Looks like your session cookie is created with the secure flag, but there's something with the URL of your checkout page due to which the session cookie isn't being passed over.

Or probably, your session cookie isn't secure - just that the URL of the checkout page is different enough (http://mysite.com vs http://www.mysite.com) that the browser isn't sending the cookie.

If you'd like to read more on flipping over from HTTP to HTTPS and vice versa - do take a look at my writeup on selective SSL :-)

人间绝色
#6 · 2019-01-01 11:24

This may not be possible since the cookie seems to be getting lost. The browser you're using must think it's for a completely different domain.

What browser are you using specifically?

千与千寻千般痛.
#7 · 2019-01-01 11:25

Think about using HTTPS for all pages; that's the easiest way to avoid this problem, and it will improve the security of your site.

If SSL for all pages is not an option for you, then you could use this approach: Switching between HTTP and HTTPS pages with secure session-cookie. The idea behind it is that you leave the session cookie unsecure (and therefore available to HTTP and HTTPS pages), but have a second secure cookie to handle the authentication. It's a good way to separate the two concerns "maintaining the session" and "authentication".

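The two-cookie approach described in the last answer above, as an added example that is not code from the thread or from the article it mentions. It assumes PHP 7.3 or later; the function names, the cookie name `auth` and the session key `auth_hash` are hypothetical.

```php
<?php
// Added example, not from the thread. Names (AUTH_COOKIE, startSharedSession,
// onLogin, isAuthenticated) are hypothetical. Requires PHP 7.3+.
const AUTH_COOKIE = 'auth';

// Start the ordinary session. Its cookie is deliberately NOT marked Secure,
// so the browser sends it to both HTTP and HTTPS pages.
function startSharedSession(): void
{
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => false,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call on the HTTPS login page after the password check succeeded.
function onLogin(): void
{
    session_regenerate_id(true);            // drop any ID seen over HTTP before login
    $token = bin2hex(random_bytes(32));     // unguessable value, never sent over HTTP
    $_SESSION['auth_hash'] = hash('sha256', $token);
    setcookie(AUTH_COOKIE, $token, [
        'path'     => '/',
        'secure'   => true,                 // browser sends it over HTTPS only
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Pure check so it can be exercised without a web server:
// $session is $_SESSION, $cookies is $_COOKIE, $isHttps is the request scheme.
function isAuthenticated(array $session, array $cookies, bool $isHttps): bool
{
    if (!$isHttps || !isset($session['auth_hash'], $cookies[AUTH_COOKIE])) {
        return false;                       // HTTP requests never count as logged in
    }
    $presented = hash('sha256', (string) $cookies[AUTH_COOKIE]);
    return hash_equals($session['auth_hash'], $presented);
}

// Constructed sample: a session ID without the Secure cookie is rejected.
$token = bin2hex(random_bytes(32));
$session = ['auth_hash' => hash('sha256', $token)];
var_dump(isAuthenticated($session, [AUTH_COOKIE => $token], true));  // owner over HTTPS
var_dump(isAuthenticated($session, [], true));                       // session ID only
```

The session (cart contents and similar) stays readable on HTTP pages, while anything that requires a logged-in user is gated on `isAuthenticated()` and therefore on a cookie that only ever travels over HTTPS.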