...
The Problem:
The UltraCartShoppingCartID cookie is not transferring between the two sites. It is the critical component for matching a web browser to a cart session stored on the server.
It is being set for a domain of 'www‘www.mystore.com'com’, and so it is not available on the checkout page of 'secure‘secure.mystore.com'com’.
(Also, one might be http and the other is https.)
Now, if you open your console and type 'document‘document.cookie', you'll cookie’, you’ll see that both pages have the cookie, but they are of different values. When the browser goes to the checkout page, the checkout finds no cookie and so created a new cart id.
Possible Solutions:
1. Expand the cookie domain. The checkout api will see the cookie for the server, so it will probably have a domain of 'www.mystore.com'com’. Take the cart id and reset it to a wider domain cookie.
The code for that would look something like this (execute this code before changing the location to the checkout page).
document.cookie = 'UltraCartShoppingCartID=' + ultraCart.getCart().cartId + ';domain=.mystore.com;path=/;';
...