I prefer to force access to HTTPS so that it's guaranteed to be over a secure connection:
if( !isset( $_SERVER['HTTPS'] ) || $_SERVER['HTTPS'] !== 'on' )
{
$url = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
header( 'Location: '.$url );
exit();
}