Typically sessions cannot be managed between two different servers without a good degree of difficulty, although I believe it is meant to be possible.
In any case, it is not something that I have tried myself and so cannot directly help you with it.
However, it is possible to share session data between the http and https protocols when on the same server.
So a session on [bold]https[/bold]://www.website.com will be accessible on [bold]https[/bold]://www.website.com
If you have already got your solution working, then that's great - would you mind sharing the code with me to see what you have done?
However, from my understanding of your solution, I cannot see it working properly.
When a users privilege is changed, it is the database that is updated - not the logged in users session data.
Therefore if you take a hash of the users session privilege data, it is not going to be updated until the session expires.
My suggested solution posted above queries the database to get the live status of the users privileges and so should be 100% reliable.
If I have misunderstood your solution, then by all means, please correct me.
