Hiya,<BR><BR>I&#039;m just finishing up on an ecommerce site or two<BR><BR>in the final stage of ordering from the site we switch to https://<BR><BR>I was just wondering - is it completely safe to use session variables between secure and non-secure (using Win 2000 server with IIS 5)<BR><BR>It works fine currently, but when many people are using a website, does IIS ever get confused with session variables when switching between http and https??<BR><BR>any help would be appreciated by this concerned, paranoid programmer.