For an ecommerce site, you may want to write the cart to the database when they click on the "Checkout" button and THEN redirect them to the secure checkout section with a querystring variable to identify the cart in the database. Or something like that.
If you are relying on the JSPSessionId to manage your cart (or whatever it is you're doing), you probably want to avoid bouncing between secure and insecure modes as you can't carry the session from one to another.
Also, a lot of browers are set to generate popups letting the user know that they are moving from a secure to an inscure site, and vic-versa. This can annoy your end users.
Do we need to know all the error codes 9XX ?