Authentication and Shared SSL

Something I do not understand with the shared SSL and how it could work

the nopCommerce installation is running as http://www.myshop.com

I want to use a shared SSL: https://myshop.myhost.com
(this is not a directory but a proper certificate installed in IIS)

I create a website in IIS 7 / win2008 and do the following binding:
http://www.myshop.com
https://myshop.myhost.com
after installing a certificate for myshop.myhost.com in IIS

I can navigate to both with no problem
http://www.myshop.com
https://myshop.myhost.com  

In nopCommerce global settings I have :
use SSL + shared SSL = https://myshop.myhost.com

Now if I navigate in the website
http://www.myshop.com
When I hit Login: it goes to https://myshop.myhost.com/Login.aspx
If I login it authenticates me for the domain myshop.myhost.com
Then I am redirected to the non SSL page: http://www.myshop.com
This is not the domain for which I am authenticated, the authentication cookie would not work, so I am not logged in!

So basically that cannot work in this configuration
The only way it to have a non shared SSL where both SSL and non SSL domain are the same, so i am authenticated in both.

Any viewpoint on this?

Try this link.

http://weblogs.asp.net/scottgu/archive/2005/12/10/432851.aspx

Actually.  If its just a sub domain.

i.e you have shop.myhost.com and www.myhost.com you can do as below

<authentication mode="Forms">
  <forms name="mywebhost" domain=".myhost.com " protection="All" timeout="43200" >
</authentication>

thank you for the information, it was helpful.

The subdomain modification is working well

But I think that if we use different TOP domains for the shop and the shared ssl, then there is no simple solution.

The browsers themselves are persisting cookies per domain, so I would only be able to share cookies within the same top domain... so we would need to generate 2 authentication cookies within the same application

I've decided to open a new thread.
https://www.nopcommerce.com/Boards/Topic.aspx?TopicID=1350