Even for non-login sessions, HTTPS is key. It isn't just about credential protection. It guards against data tampering in transit and is therefore crucial for end-to-end data integrity. What you are saying is basically that you don't care about integrity, fair enough, but many people including me do.