I have the same problem when I test OACS beta.
After users login in http, they are requested to login again if they go to some secure page (https). I guess this a session token problem. The session toke generated for http login is not the same as the one for secure server. Since they are different, when you go from http to https, you will be prompted to login again, which is annoying.
I have the same result IE and NetScape. Once you login from https, you won't be asked again for login if you go back from http to https.
Jay
