[EDIT] woops didn't read your post right.
Once you've authenticated the user, and are about to display the "youre in!" page:
Add a mod rewrite rule naming that page, but forward it to
https://... If you're having trouble with this step, post your .htaccess.
Why do you need to do this, though? Are you worried about overhead? If you bothered authenticating the person, why not just maintain a secure connection? I don't get it.