Cookie secret and state - how does it ensure secure login?

If everything is encrypted (HTTPS), at worst an attacker snooping on your network would see the domains or IPs you’re visiting, but they wouldn’t see the rest of the URL, nor would they see any cookies or other sensitive information.

If you’re not using HTTPS then there’s not much you can do; the attacker will be able to see everything.

Edit: see this post for an explanation of the login process:
