I have seen sites where the login page are under http and on others under https. As I understood it, its where the login page is under https that the login info is secured. On those that are under http they are redirected to https only after clicking the submit button.

So if that means that under http the login info are not encrypted. And the site is only secure after the logon.

I think so. In https, it used SSL(Secure Socket Layer) encrypted session. I haven't heard that http follows it at all.