Thanks,
Ryan
The reason I ask is I find when I go on a site that uses https, and switches and I get the warning, I feel like there may be a security error (especially if money or financial info is involved)... I know it's a client side warning, but it breaks the flow and makes me pause to think "is this a redirect" or "is this a reseller framing my session for the actual seller".
Anytime you post from secure to non secure you are 'breaking' the security.
The best bet would probably be to have the sites use the same database and manage the sessions there. You could add an id to the url for the redirect and then grab the corresponding data from the db.
Though I guess if you use GET then it shouldn't give you the error anyway.
Maybe just using GET for https to http is the way to go.
When you go from non secure to secure it doesn't matter.
Can this be done in a way that doesn't produce a "switching from secure to non-secure" or a "mixed (content)" warning?
Maybe I misunderstood the question - no, you cannot post out of a secure location. You can't even curl non-secure data without a warning.
What I meant was if you are tracking a session or (example) cart on a non-secure server, when you move to a secure server (or vice versa) you lose track of that session because you can't read the non-secure cookie on the secure domain (or vice versa). So by sending a form value or query string for the sessionid, you can set a new cookie on the secure domain, then when you return to the non-secure domain you will be able to read the old one. Moving OFF the secure server has to be done by ordinary links.
At the first available opportunity I present all the links as non-https links - those won't kick secure warnings.
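
The database-backed redirect id suggested in the thread, as an added example that is not part of any post above: the non-secure site puts a random, single-use, short-lived handoff token in the link instead of the session id itself, and the secure site redeems it from the shared store and sets a fresh `Secure` cookie. The class and function names, the 60-second lifetime, the hostname `secure.example.test` and the in-memory dict standing in for the shared database are all assumptions.

```python
import hashlib
import secrets
import time

HANDOFF_TTL = 60  # seconds a handoff token stays valid (assumed value)

class HandoffStore:
    """Stands in for the database both sites share (in-memory for the example)."""
    def __init__(self):
        self._rows = {}  # sha256(token) -> (session_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, session_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = (session_id, now + HANDOFF_TTL)
        return token

    def redeem(self, token, now=None):
        now = time.time() if now is None else now
        row = self._rows.pop(self._digest(token), None)  # pop makes it single use
        if row is None:
            return None
        session_id, expires_at = row
        return session_id if now <= expires_at else None

def redirect_to_secure(store, session_id, now=None):
    """Non-secure side: build the plain GET link that carries the token."""
    token = store.issue(session_id, now)
    return "https://secure.example.test/checkout?handoff=" + token

def secure_landing(store, token, now=None):
    """Secure side: redeem the token and issue a new cookie for this domain."""
    session_id = store.redeem(token, now)
    if session_id is None:
        return None  # unknown, replayed or expired token
    new_sid = secrets.token_urlsafe(32)  # fresh id; never reuse the http cookie
    header = f"Set-Cookie: sid={new_sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
    return session_id, header  # caller links new_sid to the cart row
```
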