I do not recommend flip-flopping between SSL and non-SSL. You can end up exposing critical data, since presumably, the reason you entered SSL mode to begin with was to access secure information that would be exploitable on an open channel. And as a consequence of entering secure transport mode, Tomcat will have changed your session ID.
I haven't actually paid as much attention to the details as I might have, since this is one of those mechanisms that "just works" and there are too many other mechanisms that don't, but my impression is that once you enter SSL, you're going to stay there, even on pages not tagged for secure transport, at least unless you explicitly request otherwise (URLs beginning with "http" instead of "https"). But if you do and you manage to use the SSL-based session ID, you will definitely have a possible exploit point.
Customer surveys are for companies who didn't pay proper attention to begin with.
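
An added example, not part of the original post: a `web.xml` fragment for a Tomcat web application that avoids the mixed mode described above by tagging every URL for secure transport and keeping the session ID off plain HTTP. The Servlet 3.1 schema version and the resource name are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!--
    Mixed mode (the pattern the post advises against) would tag only part
    of the application, e.g. <url-pattern>/account/*</url-pattern>, and
    leave every other page reachable over plain http.
    Tagging /* instead means there is no untagged page to fall back to:
    Tomcat redirects any http request to the connector's redirectPort.
  -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <session-config>
    <cookie-config>
      <!-- Browser sends the session cookie only over https, so an
           explicit http URL cannot carry the SSL-based session ID. -->
      <secure>true</secure>
      <!-- Keep the session cookie out of reach of page scripts. -->
      <http-only>true</http-only>
    </cookie-config>
    <!-- Cookie-only tracking: no ;jsessionid=... rewritten into URLs,
         where it could be copied into an http link. -->
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

</web-app>
```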