so you're redirected to a public url? well, that's not a good way for a login form. normally, you'd set up a session management, storing a session cookie on the pc and a session file on the server. are you good at coding in php? another solution would be a temporary url which could be achieved by using a soft link on the server, deleting it after 30 minutes or so. and a third option would obviously be .htaccess.
there is no way for you to not let the user see the url. if you want a secure area on your webspace, use other methods.