Having an interesting problem, which I'm thinking is related to some internal security feature regarding the invoking of admin pages. A site I'm working on can have two different incoming URL's. If one, a certain banner should be used, if another, then another. The initial problem was that there's a cart, and certain pages are SSL, and the securepages module can't handle two possible SSL URL's. There's a SSL certificate for both. But when switching to https:, the correct one needs to be requested, otherwise the browser reports a problem with the certificate. So, the way I handled it was to hook_init before securepages becomes involved, and check the requested URL, and if it's the second, I simply overwrite securepage's variable entry with a variable_set with the new url. Works like a charm. Except... admin. I have securepages set to work with admin as well, but when I request an admin page, the logic in hook_init that should variable_set the url back to the normal domain doesn't seem to fire, because I'll have put http://mydomain.com/admin and it will invoke https://mydomain.com/admin but the variable setting will still be https://myotherdomain.com, so I get the certificate message.