I know it´s a little late for you, but this answer is for all who have the same problem.
-
With HTML5 you can use web storage.
-
(Just an idea! – not tested!)
You could define a cookie (via javascript on client) and set the “secure”-attribute.
In this case, the cookie will only be sent to the server on HTTPS connections.
To make sure the cookie never leaves the browser, you just never open a HTTPS connection 😉
EDIT
Now it´s 2022 and I would not recommend solution 2) anymore.
Instead of setting the secure flag on the cookie, set the path to a path on the server which is never used.