On an Apache server, I have set of Profile pages within a folder protected by htaccess (/main/profile). After a user updates their profile, I want to set a $_SESSION['timelineuser']= or a session cookie for use back in the main folder of the site (/main/) which is unsecure.
On the unsecure page I want to check to see if $_SESSION['timelineuser'] exists. Works fine in Firefox, Chrome, etc. In IE8, the behavior is bizarre - the $_SESSION (and cookie in my other tests) doesn't show up when you click on the http:// link back to the main page after updating your profile. However, if you refresh the browser it does show up.
It has something to do with how I link from the secure page. If I have an href="/main/index.html" it works but throws security warnings. If I have an href="http://www.foo.com/main/index.html" (where I want it to go) in IE there ia a brief blank screen before the main page loads.
Something to do with going from https to http?