you could use SPDY although is only supported by new browsers. There is a mod_spdy for apache released by google. That would help.
Nevertheless I found weird your statement (http and https don't keep the same session id on the same site). since I have used to have SSL only in the login pages. I never found that problem.
The limitation you are talking about is not of PHP. You cannot do ajax requests across different domains nor schemes (that is called cross site posting). I would recommend you using some technique or to post to a stand only login page and tracking the referrer to send the user back to url they came from.