Hi, I've always thought that session data was subdomain specific and would not carry over between http://www.mydomain.com and https://secure.mydomain.com, but it seems to be working for me now. Can I rely on this and post from http://www.mydomain.com to https://secure.mydomain.com and simply pass a hidden input containing PHPSESSID, or do I need to pass each key=>value pair that _SESSION contains at www. and reset them as _SESSION vars at secure. <https://secure.mydomain.com> ? Thanks in advance, Ben
