The server_protocol setting should definitely be set to https. Try setting that and manually deleting all files in the core/cache directory.
If that doesn't do it, I'd add a rewrite rule to .htaccess to always convert http to https.
Is the rewrite rule at the top?
What does it look like?
<IfModule mod_rewrite.c>
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^ https://www.domain.co.uk%{REQUEST_URI} [R=301,L]
</IfModule>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourdomain.co.uk/$1 [R,L]<IfModule mod_rewrite.c> ... </IfModule>
I have the following in mine:
RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://yourdomain.co.uk/$1 [R,L]
I am not sure if you need the opening and closing tag in a .htaccess file?
<ifmodule mod_rewrite.c=""> ... </ifmodule>
I think you that maybe only need those in an apache config file?
Very important disclaimer: I am not an expert on .htaccess files!
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://yourdomain.com/$1
I have this:
#RewriteCond %{SERVER_PORT} 80 #RewriteRule ^(.*)$ https://yourdomain.com/$1
The R is for redirect, and the L says it's the last instruction (causes mod_rewrite to stop processing the rule set). I honestly don't know which version is better. My thinking was that letting the processing fall through to the MODX rewrite rules would be more efficient, but I could be wrong.
In your case, it's probably worth testing my version to see if it helps, though I doubt if it will.
