I found this extremely useful:
def redirect_to_ssl
redirect_to url_for params.merge({:protocol => 'https://'}) unless request.ssl?
end
Put this in your application controller and call
before_filter :redirect_to_ssl
on every controller that would require ssl. You can pick which actions would only require this by extending your before_filter declaration as such:
before_filter :redirect_to_ssl, :only => [:new, :purchase]
or even by exclusion, whichever is more convenient for your case:
before_filter :redirect_to_ssl, :except => [:show]
PS: There are other resources too, such as this one (that could be of help): http://fuadcse.blogspot.com/2009/01/redirecting-http-request-to-https-in.html