Most containers, (
Tomcat is one that I know of) will keep separate sessions for secure and non-secure sessions.
This is done for a good reason. In a non-secure session the sessionid cookie is passed over the web in clear text which opens your app up to session hijacking.
If your data is secure enough to require a secure login before accessing it, isn't it work keeping the session under SSL? Why do you want to drop SSL? is it for performance reasons? If so, have you tested to see exactly how much faster your app runs without SSL than with it?