Magento Ajax Login - Over SSL

I am working on an ajax login for magento and I have run into a small issue when dealing with ssl.

The request page that I am using to display my login view is a non-secure page. From this page, I am using ajax to post to a secure url (https://client.devserver/customer/account/ajaxLoginPost/). The json response I get back is correct, however when I refresh the page the user is not logged in.

I have tested this function on a non-secure site and it works as intended. It seems to only break when I add in the next layer of SSL.

Any help with this is greatly appreciated.

Here is the code from my controller.

public function ajaxLoginPostAction()
{
    if ($this->_getSession()->isLoggedIn()) {
        $this->_redirect('*/*/');
        return;
    }
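    $session = $this->_getSession();
    // Default response, so $messages is defined when the request is not a POST
    // or an unexpected exception is caught below.
    $messages = array("isAuthed" => false);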

    if ($this->getRequest()->isPost()) {
        $login = $this->getRequest()->getPost('login');
        if (!empty($login['username']) && !empty($login['password'])) {
            try {
                $session->login($login['username'], $login['password']);
                if ($session->getCustomer()->getIsJustConfirmed()) {
                    $this->_welcomeCustomer($session->getCustomer(), true);
                }
                $messages = array("isAuthed" => true);
            } catch (Mage_Core_Exception $e) {
                switch ($e->getCode()) {
                    case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
                        $message = $e->getMessage();
                        break;
                    default:
                        $message = $e->getMessage();
                }
                $messages = array("isAuthed" => false, "userName" => $login['username'],"error"=> $message);
            } catch (Exception $e) {
                // Mage::logException($e); // PA DSS violation: this exception log can disclose customer password
            }

        } else {
            $messages = array("isAuthed" => false, "userName" => $login['username'],"error"=>'Login and password are required.');
        }
    }
    //$this->_loginPostRedirect();
    $this->getResponse()->setBody(Mage::helper('core')->jsonEncode($messages));
}


There are effectively two cookies (and hence two sessions), one for the "http" connection and one for the "https".

You can either forward to a secure page after performing the login - which negates the need for an AJAX form - or return the SID in the JSON response and find a way to set the non-secure cookie with that value.

A third option is to leave the entire site as secured; it's extra work & cost for the server, so not all businesses are willing to take that sensible precaution.
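
Why the refresh looks logged out, as an added example (not code from the original post or from Magento): a simplified model of the browser's cookie handling, assuming the HTTPS login response marks the session cookie Secure. The cookie name `frontend` and the session values are constructed for illustration.

```javascript
// Minimal model of a browser cookie jar (RFC 6265 subset: host-only cookies,
// path "/", Secure attribute). Not a full implementation.
class CookieJar {
  constructor() { this.cookies = new Map(); } // key: "host|name"

  // Store a cookie from a Set-Cookie header received in a response from `url`.
  store(url, setCookie) {
    const { protocol, hostname } = new URL(url);
    const [pair, ...attrs] = setCookie.split(';').map(s => s.trim());
    const eq = pair.indexOf('=');
    const name = pair.slice(0, eq), value = pair.slice(eq + 1);
    const secure = attrs.some(a => a.toLowerCase() === 'secure');
    // Browsers refuse Secure cookies from plain-HTTP responses.
    if (secure && protocol !== 'https:') return false;
    // Same host + name replaces the earlier cookie, whatever its flags were.
    this.cookies.set(`${hostname}|${name}`, { name, value, secure, host: hostname });
    return true;
  }

  // Build the Cookie header the browser would send with a request to `url`.
  headerFor(url) {
    const { protocol, hostname } = new URL(url);
    return [...this.cookies.values()]
      .filter(c => c.host === hostname)
      .filter(c => !c.secure || protocol === 'https:') // Secure => HTTPS only
      .map(c => `${c.name}=${c.value}`)
      .join('; ');
  }
}

function simulateAjaxLogin() {
  const jar = new CookieJar();
  // Constructed value: anonymous session from the first plain-HTTP page view.
  jar.store('http://client.devserver/', 'frontend=anon-session; Path=/; HttpOnly');
  const beforeLogin = jar.headerFor('http://client.devserver/');
  // Assumption: the HTTPS login response issues the authenticated session as Secure.
  jar.store('https://client.devserver/customer/account/ajaxLoginPost/',
            'frontend=authed-session; Path=/; Secure; HttpOnly');
  return {
    beforeLogin,
    httpRefresh: jar.headerFor('http://client.devserver/'),
    httpsPage: jar.headerFor('https://client.devserver/'),
  };
}

console.log(simulateAjaxLogin());
```

The HTTP refresh carries no session cookie, so the server treats it as a new anonymous visit; with the whole site on HTTPS the authenticated cookie accompanies every request.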
