Users which have logged-in via https should always be served content via https otherwise there is no point in having the login form use https at all. With http anyone can intercept the cookie and use it to get to the users’s account without even knowing the user and password.
The question here is probably why a logged in user is presented with an http link at all. A way around it might be to detect when the LOGGED_IN_COOKIE
cookie is set, and it should be available on http as well as https, and if it is set redirect to https.
Clarification: you don’t have to serve everything over https for logged in user, it is just a simpler path to follow IMO. The harder approach is to require login only on pages in which you actually display confidential information to the user but then if your user have the admin bar turned off you can serve the page as http but if it is on you need to go https.
If all you do is to display the user display name and it is a public information then you can derive the user info from the login name which is contained in the LOGGED_IN_COOKIE
cookie, but for actual authentication you need to go https.