You will find many websites, including popular websites like Quora, Stack Overflow, etc., not using SSL by default. What do you think is the reason? In this case, won't it be easy for some random hacker to read the session cookie in plain text?
I know content-driven sites will face some problems with SSL because the browser may show a warning for mixing secure and insecure content. But I think security comes first and SSL should be mandatory.