I found a problem with this
Because the system only checks either the ad_session_id or ad_session_id secure cookie, if you enter in HTTP or HTTPS
when you change the HTTP to HTTPS, to login, for example, the session_id cookie that was set in HTTP will not be read and the session_id will change.
This would be a problem for an ecommerce site where you saved items in your shoppinh cart in HTTP then were redirected to HTTPS to check out.
The only solution I can imagine is to send the session_id in the URL when switching from HTTP to HTTP or back.
Then the security handler would need a way to extract that from the URL.