A kind person who tried to buy something from our website sent an email to explain that she could not enter our check out.
Windows 2000 IIS 5
When a new visitor arrives we give them cookie. IIS gives them a session ID. Somehow when they switch from http to https they become a different person with a different cookie, but the session ID is the same. How strange is that?
So why do they have a different cookie when they are using https?
Any ideas would be very welcome.