hash32bot / gist:14750b9eea739374ca69dc3182ca99a3
Created March 8, 2019 10:08 — forked from victorlhlam/gist:7019359
Rails 3.1+ force_ssl & HSTS problem

Rails 3.1 introduced force_ssl. You can add config.force_ssl = true in application.rb.

When force_ssl is enabled, Rails sends an HSTS (HTTP Strict Transport Security) header that expires in a year.

So if you enable force_ssl once, then even if you later change the config value to false, any browser that previously opened your app will still remember that this website (identified by its domain) requires HTTPS, and will redirect you to an HTTPS connection automatically. You can use chrome://net-internals/#hsts to check the domain list in Google Chrome.
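
The browser-side behaviour described above, as an added example that is not part of the original gist: a small Ruby model of an HSTS store following the RFC 6797 rules. It goes slightly beyond the text by also covering `includeSubDomains` and the `max-age=0` directive that makes a browser drop the entry. `HstsStore`, `force_ssl_timeline`, the host name and the header values are hypothetical and constructed for illustration.

```ruby
# Minimal model of a browser's HSTS store (RFC 6797 rules).
# HstsStore, force_ssl_timeline and the host name are hypothetical/constructed.
class HstsStore
  Entry = Struct.new(:expires_at, :include_subdomains)
  def initialize
    @hosts = {}
  end
  # Returns [max_age, include_subdomains], or nil if max-age is missing/malformed.
  def self.parse(value)
    directives = value.to_s.split(";").map { |d| d.strip.downcase }
    max_age = directives.map { |d| d[/\Amax-age\s*=\s*"?(\d+)"?\z/, 1] }.compact.first
    max_age && [max_age.to_i, directives.include?("includesubdomains")]
  end

  # Record one response; the header is honoured only when it arrived over HTTPS.
  def observe(host, scheme, header, now)
    return unless scheme == "https"
    max_age, subdomains = self.class.parse(header)
    return if max_age.nil?            # no valid header: the stored policy is untouched
    if max_age.zero?
      @hosts.delete(host.downcase)    # max-age=0 tells the browser to forget the host
    else
      @hosts[host.downcase] = Entry.new(now + max_age, subdomains)
    end
  end

  # Would the browser rewrite http://host to https://host at time `now`?
  def upgrade?(host, now)
    labels = host.downcase.split(".")
    labels.each_index.any? do |i|
      entry = @hosts[labels[i..-1].join(".")]
      entry && entry.expires_at > now && (i.zero? || entry.include_subdomains)
    end
  end
end

# Constructed timeline: force_ssl on, then off, then an explicit max-age=0.
def force_ssl_timeline
  day, t0 = 86_400, Time.utc(2019, 3, 8)
  host = "app.example.test"
  store = HstsStore.new
  store.observe(host, "https", "max-age=31536000", t0)   # force_ssl = true
  store.observe(host, "https", nil, t0 + day)            # force_ssl = false, header gone
  after_disable = store.upgrade?(host, t0 + 30 * day)    # still pinned to HTTPS
  after_expiry = store.upgrade?(host, t0 + 366 * day)    # if the header never returns
  store.observe(host, "https", "max-age=0", t0 + 31 * day)
  { after_disable: after_disable, after_expiry: after_expiry,
    after_max_age_zero: store.upgrade?(host, t0 + 32 * day) }
end
```

Because the header is only honoured over HTTPS, the `max-age=0` response has to be served while TLS is still working on the domain.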