If you are using cookies to store the key for the session, that could be the problem. I've run into that exact issue when going from http to https -- mainly with Internet Explorer.

I'd try passing the session key in the POST info and see if that solves the problem. Otherwise, I'd just run the whole app through SSL. But, I don't see anything in the Apache::Session code that would cause it.