there are 2 methods pf doing this:
1) Use php code on all of your pages to force the browser to use the HTTPS address:
<?php
if( $_SERVER['SERVER_PORT'] == 80) {
header('Location:https://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/'.basename($_SERVER['PHP_SELF']));
die();
}
?>
on pages that should not use the https address, use this code:
<?php
if( $_SERVER['SERVER_PORT'] != 80) {
header('Location:http://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/'.basename($_SERVER['PHP_SELF']));
die();
}
?>
2) Use an httaccess rule and mod_rewrite:
force-ssl-htaccess.html