SSL vs Non-SSL portions of the a website
How do you folks handle SSL(protected) vs non-SSL(public) content on a website while holding persistence for authed users.
We have a site where visitors can log in to view customized content or browse as a guest and see default content.
When they get to protected pages, they need to be logged in and the site needs to switch to SSL, but the rest of the site we would like to be non-SSL.
If we have two virtuals, one for port 80 and the other for port 443, but a shared pool of servers, how would we handle keeping a user with a particular server(persistence) to keep them logged in?
Lots of e-commerce sites do this, and I hope it does not have to be by replicating session data between servers...