There could be three problems there.
1. Different domain or subdomain between HTTP and HTTPS
Most likely the pages are in separate domains or subdomains. Hence it is not a matter of HTTP/HTTPS itself, but rather that the browser considers them to be two separate servers, and so does not forward the cookie domain 1 (which happens to be HTTP) for domain 2 (which happens to be HTTPS).
2. Cookies are going, but applications do not share session data
After checking whether the cookie session is coming to both servers, you need to check if both servers are recording/loading session data from the same place (same shared folder, same database, same memcached).
That is, if the cookie you’re right but the language can’t access the data, so it will open an empty session anyway.
3. Cookies secure
and not secure
mixed
When checking whether the cookie session is coming up on both servers, notice if it are rigorously the same, or if by chance one of them contains the tag secure
.
Cookies secure
by default are not sent on HTTP connections, so you may be receiving a different cookie on the HTTPS connection that does not go on the HTTP connection.
http://answall.com/questions/26610/como-funciona-a-sessão-em-navegadores-web
– Diego