C.R.Oldham, that sdm link doesn't work, and your patch seems to still exist in the system, are you refering to "adding /css/* and /images/* to the ad_login_page function"?
"One danger of serving mixed http/https content is that the user will get a warning box that says basically that some of the content on this page is not being served by https."
You are right, C.R.Oldham. The fix needs to deliver content according to the page request connection type (http/https).
Since the images are called via templating, I might try to use ad_secure_conn_p to modify the image links using absolute url references. It seems the main problem is the https://servername/register and https://servername/ecommerce/register pages. (I'm getting confused. after logging in via https://server/ecommerce/register I'm being asked to register via https://server/register. Time to step back for a few minutes and re-think again.
Regarding the other point, wouldn't it be ideal if an alternate to ad_context_bar existed that created links biased to http to direct traffic to http connects, for example, when most content on a website is available via http?
