We have a very dynamic site which uses session storage extensively to keep track of things. However, as we have switched from using just HTTP to HTTPS for sensitive forms we have discovered that the session storage is scoped to the scheme.
For example setting a key value on a HTTP page will not be accessible from a HTTPS page, and vice verse. This post explains it in more detail: http://drewwells.net/blog/98-sessionstorage-localstorage/
Is there a way of overcoming this limitation? It seems strange as only encrypting sensitive forms is a common practice and we do not wish to encrypt the entire site to overcome this.