How to transfer form, the username and password in encrypted form to the server?

Hello!
I have a couple of questions:
1) As when filling out the form (username and password) to transmit the data in pure form, and encrypted on the server?
About the HTTPS, everything is clear. But still - what are the ways to encrypt (probably with a special encryption key) is passed the username and password to the server?
I tried to do it in javascript, using a special encryption algorithm using a key (salt). Then I did my obfuscation js file somehow "strong" obfuscator (one way obfuscation) which username and password has turned into a get request and sent to the server. But it's still not an option in my opinion.
2) And second question. Many people make the session tokens in the form of a username and password.
The theme is clear, that the old. But the point is to do if CURL-Ohm you can get around very quickly - and no token will not help (against brute force).
July 9th 19 at 13:01
2 answers
July 9th 19 at 13:03
Solution
Use asymmetric encryption How to implement RSA encryption in javascript?
The public key can only encrypt the password to decrypt it can only be on the server.
About the session cookie - maybe it's CSRF tokens?
Thank you. Yes, I was referring to CSRF tokens. If the meaning of their use? - joannie.Dickinson commented on July 9th 19 at 13:06
Protection against some types of attacks - https://ru.wikipedia.org/wiki/%D0%9C%D0%B5%D0%B6%D... - Daphne_Roob commented on July 9th 19 at 13:09
Thank you) - joannie.Dickinson commented on July 9th 19 at 13:12
July 9th 19 at 13:05
Solution
Encryption is extremely resursoemkie (CPU time) operation.
JS will kind of encryption, an illusion.
Or unacceptable brake.

Trust https.
And what about the answer you say? He proposed a solution. - joannie.Dickinson commented on July 9th 19 at 13:08
Alex told good and necessary thing. But I still did not use it. Probably too lazy. Trust while https :) - Daphne_Roob commented on July 9th 19 at 13:11
Ready library. What? I say - slowly. In order to be able to use encryption - even special instructions in the CPU inserted.... And you want to JS. If you are sure that all your users use only modern computers can. In the General case - users will be uncomfortable to expect a password. - joannie.Dickinson commented on July 9th 19 at 13:14

Find more questions by tags HTMLPHPUser identification