diff --git a/Changes b/Changes
index be89fa9..b0987fd 100644
--- a/Changes
+++ b/Changes
@@ -22,3 +22,4 @@ Revision history for Plack::Middleware::Auth::Form.
 {{$NEXT}}
 Experimental _wrap_body method
+ ssl_port parameter added
diff --git a/lib/Plack/Middleware/Auth/Form.pm b/lib/Plack/Middleware/Auth/Form.pm
index fb9aae9..eb7bd92 100644
--- a/lib/Plack/Middleware/Auth/Form.pm
+++ b/lib/Plack/Middleware/Auth/Form.pm
@@ -3,7 +3,7 @@ use warnings;
 package Plack::Middleware::Auth::Form;
 use parent qw/Plack::Middleware/;
-use Plack::Util::Accessor qw( secure authenticator no_login_page after_logout );
+use Plack::Util::Accessor qw( secure authenticator no_login_page after_logout ssl_port );
 use Plack::Request;
 use Scalar::Util;
 use Carp ();
@@ -43,9 +43,12 @@ sub call {
 sub _login {
 my($self, $env) = @_;
 my $login_error;
- if( $self->secure && $env->{'psgi.url_scheme'} ne 'https' ){
- my $server = $env->{X_FORWARDED_FOR} || $env->{X_HTTP_HOST} || $env->{SERVER_NAME};
- my $secure_url = "https://$server" . $env->{PATH_INFO};
+ if( $self->secure
+ && ( !defined $env->{'psgi.url_scheme'} || lc $env->{'psgi.url_scheme'} ne 'https' )
+ && ( !defined $env->{HTTP_X_FORWARDED_PROTO} || lc $env->{HTTP_X_FORWARDED_PROTO} ne 'https' )
+ ){
+ my $server = $env->{HTTP_X_FORWARDED_FOR} || $env->{HTTP_X_HOST} || $env->{SERVER_NAME};
+ my $secure_url = "https://$server" . ( $self->ssl_port ? ':' . $self->ssl_port : '' ) . $env->{PATH_INFO};
 return [
 301,
 [ Location => $secure_url ],
@@ -209,6 +212,14 @@ application display the login page (for a GET request).
 Where to go after logout, by default '/'.
+=item secure
+
+Make the login form redirect to https if requested with http.
+
+=item ssl_port
+
+The port for the https requests.
+
 =back
 =head1 SEE ALSO
diff --git a/t/unit.t b/t/unit.t
index 8891742..8e6da86 100644
--- a/t/unit.t
+++ b/t/unit.t
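Review bot: In the `_login` hunk of lib/Plack/Middleware/Auth/Form.pm, the added `my $server = ...` line takes the redirect host from `HTTP_X_FORWARDED_FOR`, which carries client addresses rather than a host name and is supplied by the requester, so the `Location` value can be steered from outside. The old keys lacked the `HTTP_` prefix and were presumably never populated by a PSGI server, so this lookup only becomes live with this change. The added `HTTP_X_FORWARDED_PROTO` test has the same trust problem: a client connecting directly over plain http that sends `X-Forwarded-Proto: https` skips the redirect and is served the login form without TLS. I would honour forwarded headers only when the deployment declares a trusted proxy (for example Plack::Middleware::ReverseProxy in front, which rewrites `psgi.url_scheme`), and otherwise build the host from configuration or the server's own name, e.g. `my $server = $env->{SERVER_NAME};`. `_login` continues past the end of the hunk, so what follows the 301 response is not visible here.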
@@ -81,6 +81,21 @@ $get_req->{'psgix.session'}{remember} = 1;
 $res = $middleware->call( $get_req );
 ok( $get_req->{'psgix.session.options'}{expires} > 10000, 'Long session' );
+$middleware = Plack::Middleware::Auth::Form->new(
+ secure => 1,
+ authenticator => sub { 1 },
+ ssl_port => 5555,
+);
+
+$res = $middleware->call( {
+ PATH_INFO => '/login',
+ 'psgi.url_scheme' => 'http',
+ REQUEST_METHOD => 'GET',
+ SERVER_NAME => 'myserver',
+ }
+);
+is( $res->[1][0], 'Location', 'Redirection to secure login' ) or warn Dumper($res);
+is( $res->[1][1], 'https://myserver:5555/login', 'Redirection to secure login' ) or warn Dumper($res);
 done_testing;
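Review bot: The new case in t/unit.t exercises only the plain-http path with `SERVER_NAME`, so the two header-driven branches this commit adds to `_login` (the `HTTP_X_FORWARDED_PROTO` check and the `HTTP_X_FORWARDED_FOR`/`HTTP_X_HOST` host lookup) have no coverage. I would add a request carrying `HTTP_X_FORWARDED_FOR => '192.0.2.1'` (a constructed documentation address) that pins the expected `Location`, plus one with `HTTP_X_FORWARDED_PROTO => 'https'` that asserts no 301 is returned, so the intended trust behaviour is written down. The status code is also unchecked; `is( $res->[0], 301, 'Redirect status' );` would pin it. The two existing `is` calls share one description and would be easier to tell apart in failure output with distinct ones.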