i finally got it working, by using a db table as a temp spot to store the session id + user id combo (& other things), then on the http (non s) site i compare the table record to the 1st session file and if matched, delete that 1st session file and then create a new one while on http and then set my vars.
convoluted, yes. it works.