This might be an apache issue, but I thought I'd post this in PHP first because we are using PHP to semi address the issue right now.
The issue is that we've got an http and an https server and we need the user to be able to move back and forth between them over the course of a visit to our site. When a ourdomain.com user logs in and moves through the site there are some actions we want to have them do in a secure environment. For instance, when a user browses the public site while logged in they get an "edit" link on their profile. Clicking this link takes them to the pages for editing their profile on a secure server. To do that we need a certain amount of preserved state.
The general way to share sessions between servers is to put the data in a database, rather than have php handle things itself. php has good support for this, and I've implemented a custom session storage system in our database (it's turned off at present, but it basically works). What we need to do is complete the setup so that both servers can connect the user to the same session data.
The basic idea is that each server sets a cookie which contains the user's unique id. Then when log into one of the sites, that info is stored in the database, and when they go to the other site the server checks the session info for the user associated with the cookie it receives and sees if they're logged in or not, and if so grabs their current session info.
Right now we don't link the sessions to the user, and we don't store any of our own cookies. There may also be an apache part of the equation to get this all going. I know little about apache.
So, I guess I'm looking for some problem solving. I'm sure many other people have solved this issue. Maybe the solution I've just described isn't the best...?
Lastly, but maybe most importantly... one out of the box solution we've pondered is just keeping the user in https when they're logged in and http when they're not. This would involve keeping copies of all site files in both http and https. Wondering if this is the way people solve this? Does this affect overhead in any way?