Write a small program, say with WWW::Mechanize, and examine the headers sent and headers received, as you login, then surf to non https page