What actually happens when you click ‘Login’?

Most people think login is simple. Enter email → enter password → access granted. But here’s what actually happens behind the scenes You click “Login” Your browser sends a request to the server (a powerful, specialised computer or software system that stores, manages, and delivers data, files, and services to other computers (clients) over a network). The server receives your data (email + password) The password is NOT compared directly It is hashed and then compared with the stored hash If it matches The server creates a session (represents a specific time period that a user spends on a website) or a token (It is a self-contained digital key that proves your identity without the server needing to look up your information in a database every time. ) That token is sent back to your browser Every future request includes that token So the server knows it’s you That’s it—but also not that simple. Because things can go wrong: Wrong hashing method No token expiration Poor validation And sudd