views: 18

answers: 2

On a CakePHP 1.2.6 site, I performed the suggestions in http://bakery.cakephp.org/articles/view/how-to-bend-cakephp-s-session-handling-to-your-needs.

The problem I'm running into is after logging in from http, the site refreshes back to the home page at https and does not show that I'm logged in. I need to log in again and then it works.

How can I fix this? Using the Auth component by the way.

A: 

There is often little point in using HTTPS if you're transferring your logged-in state from an HTTP connection to an HTTPS connection: someone eavesdropping on the HTTP communication could then impersonate the legitimate user over HTTPS. (This is what secure cookies are for too.)

Going from HTTPS to HTTP can be OK if you just want to protect entering the user's password, but you should always avoid going from HTTP to HTTPS without re-challenging the user; otherwise, the communication won't be any more secure than if it were done over HTTP with respect to its authentication.

Bruno
A: 

You need to log in from an HTTPS-protected location. Here is a great little component that will force SSL on the login (or anywhere else in your code).

http://bakery.cakephp.org/articles/view/component-for-forcing-a-secure-connection

cdburgess
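Putting both answers together, here is an added example (not the bakery component linked above, nor code from the question's site) of a CakePHP 1.2-style component that forces HTTPS on the login action and, per the first answer, refuses to carry a logged-in state that was established over plain HTTP into HTTPS, logging the user out and re-challenging them instead. The component name, the file path and the `loginAction` URL are assumptions; it relies on the Session and Auth components the question already uses.

```php
<?php
/**
 * app/controllers/components/secure.php  (assumed location; added example)
 *
 * Load it before Auth in the controller, e.g.
 *   var $components = array('Secure' => array('actions' => array('login')), 'Auth', 'Session');
 */
class SecureComponent extends Object {
    var $components = array('Session');
    // Actions that may only be served over HTTPS (overridable from the controller's $components settings).
    var $actions = array('login');
    // Where to send a user who must authenticate again (assumed URL).
    var $loginAction = array('controller' => 'users', 'action' => 'login');

    function initialize(&$controller, $settings = array()) {
        $this->_set($settings);   // Object::_set merges the controller-supplied settings into this component
    }

    function startup(&$controller) {
        // In CakePHP 1.2 env('HTTPS') already normalises $_SERVER['HTTPS'] to a boolean.
        $https = (bool)env('HTTPS');

        // 1. Force HTTPS for protected actions so the password is never posted in the clear.
        if (!$https && in_array($controller->action, $this->actions)) {
            $controller->redirect('https://' . env('SERVER_NAME') . $controller->here, null, true);
        }

        // 2. Remember the scheme the session was first seen on.
        if (!$this->Session->check('Secure.scheme')) {
            $this->Session->write('Secure.scheme', $https ? 'https' : 'http');
        }

        // 3. Over HTTPS, do not trust a login that happened over HTTP: the session id and the
        //    logged-in state could have been sniffed. Drop the login, rotate the session id,
        //    and send the user back to the (now HTTPS) login form.
        if ($https && $this->Session->read('Secure.scheme') === 'http'
            && isset($controller->Auth) && $controller->Auth->user()) {
            $controller->Auth->logout();          // removes Auth.User from the session
            $this->Session->renew();              // new session id, so the old one is worthless
            $this->Session->write('Secure.scheme', 'https');
            $this->Session->setFlash('Please log in again over a secure connection.');
            $controller->redirect($this->loginAction);
        }
    }
}
```

The session cookie should also carry PHP's `session.cookie_secure` flag, otherwise the browser will still send the (new) session id over any plain HTTP request to the same host.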