If your Apache server have the mod_rewrite module enabled, add following code piece into the '.htaccess' file will force https protocol throughout a website.
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,L]
php_value session.cookie_secure 1
Those 3 lines of code could be interpreted as follow:
If the requests come for port 80
Redirect the requests to its https address
Tell php to process sessions via https pipes only.
How the rewrite rule works?