For HTTPS requests, cookies are marked as "secure", meaning they can no
longer be sent over HTTP. However, this means that that cookie name is
effectively unavailable (broken) for HTTP requests on the same domain.
In practice, this means in a dual HTTP/HTTPS setup, sessions would stop
working on HTTP once a session cookie was set up on HTTPS.
To prevent this, make sure that the cookie names are different between
HTTP and HTTPS. This effectively means that HTTP and HTTPS have
independent sessions running, which is probably what would be expected
(given they can't share the same session for security reasons).
For HTTPS requests, cookies are marked as "secure", meaning they can no longer be sent over HTTP. However, this means that that cookie name is effectively unavailable (broken) for HTTP requests on the same domain. In practice, this means in a dual HTTP/HTTPS setup, sessions would stop working on HTTP once a session cookie was set up on HTTPS.
To prevent this, make sure that the cookie names are different between HTTP and HTTPS. This effectively means that HTTP and HTTPS have independent sessions running, which is probably what would be expected (given they can't share the same session for security reasons).