the theory of SSL in the HTTP paradigm/protocol is that the elements of a page will all come from 'trustworthy sources', which is what a Certificate guarantees. The Certificate 'encapsulates' a tiny piece of the web and says "I know here this stuff came from" as well as the matter of encryption.
that is the reason that if you are on a HTTPS page and any elements in that page are not within the same root or rule set, you will get a message like "this page contains some insecure elements, do you want to continue?"
the short version of an answer to "do you mean that the the httpdocs as well as the httpsdocs need their own css, class directory and session_save_path directory?" is 'probably yes -- in your case'.
I'm not proposing that I am an expert on SSL, that is why I have several times said "as far as I know'. Commercial entities often spend many thousands of dollars getting their apps up to spec to pass an audit.
You might want to Google "understanding https and ssl" or "apache http and https on same server"
This one looks readable - http://www.ourshop.com/resources/ssl.html
This forum is really here to support getting XAMPP to work, and while we are happy to answer other questions, Apache Friends is not really a general support forum for all matters http/https/Apache/PHP/Perl whatever... Those questions are best answered in specialist forums - StackOverflow and Daniweb are two good ones. (I belong to both)
Good Luck with your project.