My host requires me to use a different domain for SSL secured access (shared SSL), so I need to transition the user session between two domains. One part of the page lives at http://example.com, while the SSL'd part is at https://example.hosting.com. As such I can't set a domain-spanning cookie.

What I'm trying to do is to transition the session id over and re-set the cookie like this:

• http://example.com/normal/page, user clicks link to secure area and goes to:
• http://example.com/secure/page, which causes a redirect to:
• https://example.hosting.com/secure/page?sess=ikub..., which resurrects the session and sets a new cookie valid for the domain, then redirects to:
• https://example.hosting.com/secure/page

This works up to the point where the session should be resurrected. I'm doing:

function beforeFilter() {
    ...
    $this->Session->id($_GET['sess']);
    $this->Session->activate();
    ...
}

As far as I can tell this should start the session with the given ID. It actually generates a new session ID though and this session is empty, the data is not restored.

This is on CakePHP 1.2.4. Do I need to do something else, or is there a better way to do what I'm trying to do?