site was setup for https://www.domain.com;
the hosting service by default had http://domain.com point to the same website;
a person could browse the http://domain.com and 'add' a product to their cart, when they did it would redirect them to the ssl version of the site 'https://www.domain.com'; and their cart would be empty. the non-ssl version was setup to be 'http://www.domain.com'
i've added a redirect in the 'http://domain.com' to redirect to 'http://www.domain.com'; it will take awhile for it to update, but i'll post an update once that's setup to see if the problem has been fixed.