I'm using Symfony2, but this is probably just a PHP question.
Based on my understanding (please correct if I am wrong) if I set the session cookie to secure then the cookie only gets sent on secure connections. So on non-secure connections the server in fact can't remember anything based on the user visit. I just want to confirm my understanding on this.
Is it possible to have two session cookies? One for all protocols to store session data that isn't secure (e.g. isn't a user authentication/login) and the second session would be secure-only and handle the login authorisation.
I know I could set a local cookie for the odd non-secure thing, but I'm really looking at being able to use $_SESSION twice (One for all and one for https-only).
I feel that using secure cookie is essential for user authentication/login, but I also would like to be able to have some form of session on non-secure pages too.
Does Symfony2 do anything in particular as to any of this? I know it handles sessions quite well through its in-built classes, but does it do anything particular in terms of using secure cookies?