I've setup a new site that's using an SSL cert to secure logins and payments (s2member plugin). But there seems to be a major problem with how WordPress deals with SSL. It seems that it's either all or nothing in terms of delivering pages over HTTPS. But that's obviously going to be slow and too much overhead for my server.
My main frustration is form the different cookies that are being used. If a user logs into the site over HTTPS, the secure cookie is set. However, the rest of the site (running over HTTP) will not be looking for the secure cookie, and won't see that the user is currently logged in. This has been the experience on my site at least.
I've tried setting FORCE_SSL_LOGIN, FORCE_SSL_ADMIN, and COOKIE_DOMAIN without any luck. Each seams to cause another problem somewhere else.
Is there something else I should be doing, or is this an known/unknown flaw in WordPress? Is there perhaps a way of using a database table to handle sessions instead?