How does popular mail websites handle server side scripting?

I was wondering how do popular mail websites handle / call the serverside scripts. How do they do it differently in a way that users are not easily able to decipher which file they are calling to invoke say login authentication开发者_Go百科.

For eg: from yahoo website i did view source on login page and saw

  <form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" onsubmit="return hash2(this)">

usually action is the server side script file which is being called on submit button right? so they are redirecting to some other website on .done (i.e after authentication), but how do we know what file they calling to run the script?.. Where is the username and password. I tried a wireshark capture too, because they are using post, i won't see the username/password in the url but in wireshark i should see right?

Sorry a lame question, but was just curious as to how these big people work.

Are you merely confused about the URL https://login.yahoo.com/config/login??

Consider: A web server does not need to work with files at all. Having a URL like http://example.com/login.php is merely an extremely lazy way to map to a file on disk. Internally, the web server will receive the request as /login.php and will have to look through its configuration if there's a file login.php somewhere in a directory configured for the host example.com, execute that file and send back the results to the user. That's a complicated task.

Instead it could just receive the query for /config/login? and do something completely different with it, like... logging you in.

You're never executing files directly on a remote server. This is important. There's always a program translating URLs to executable programs or actions. This is completely arbitrary and has nothing to do with the file system.

Try searching for "pretty URLs".

The /config/login? in this case is just a entry point into the server at login.yahoo.com. It could be a HTTP handler name, and when that handler gets invoked on that webserver, it just calls into some other server side call (c++ or java or anything else)...

So its kinda hidden from you. They are (possibly) just executing a 'method' or a series of methods on the server side...which on completion return some data back to the browser via the same http handler/entry-point.

These server entry points or HTTP handlers get all the data from the browser when that form is post'ed and is forwarded to the actual handler for this call.

Search for HTTP handler modules.