Anyone Know Exactly How The Server Will Handle This Request?

Objective: Completely secure admin login without ssl :blush:
FYI: If possible, please help answer a security question without debating the need to buy and install ssl certs, or usage of a self-signed one.

Step 1:
URL in address bar = (for example) http://localhost:1999/index2.php
Remote web page being securely viewed = http://domain.com/index2.php

Step 2:
‘index2.php’ contains a simple login form. If the form action = “member_login.php”, then I’m sure the data is passed (posted) securely, but the cookies are not set properly.

  • I’m looking to securely pass the login data while also sending the browser to a proper domain.

If the form action = “http://domain_fullURL.com/member_login.php”, for example…

Will the server:
1a) Send the data out onto the net[/I], only to return to the same server, or
1b) First, detect the locally hosted domain and post securely (internally), roughly equal to having used a relative path?

Same question phrased a bit different:
Does any data “leave the server” when target = {http://full URL/} and the url is hosted on the same server, or does the server somehow first detect the local target?

Thank you for helping.

Nothing is automatically detected.

If you want to secure a login, create a dynamic tunnel and use SOCKS.