The suggestion is to tell people "you are safe if there is a green padlock in the address bar", and only display the padlock if the certificate is signed by a trusted authority.
Again, apart from the fact that the absence of a green padlock is an insufficient alarm for "your site is being hijacked by a MITM attacker", a session with a web application consists of many hundreds of individual connections.
