Yes. If you have your own certificate this is a very simple process, the problems are with shared certificates since the session information cannot be shared across domains. If you do have your own, i.e. your secure and non-secure domains are only different in the https bit then:
1) Edit inc/layoutlib.asp and where it says:
<a href="<%= strNonSecPath %>users.asp">My Account</a>
change to:
<a href="<%= strSecPath %>users.asp">My Account</a>
This appears a couple of times for the top navigation and left hand side.
2) Then edit inc/userlogin.asp and where it says:
<form action="users.asp" method="POST">
Change to:
<form action="<%= strSecPath%>users.asp" method="POST">
