ASP session lost when redirecting from http page to secure https page
Select website in IIS
Double-click "ASP" in the IIS section.
Services > Session Properties > Session State - make sure this is set to "True".
Services > Session Properties > New ID on secure connection - make sure this is set to "False".
Save changes on exit.