If I have a domain: https://somedomain.example with a valid SSL certificate do I have to take any other precautions to encrypt data between clients and my server, or is my only concern now to protect data on the server via some AES encryption in my MySQL database.
Essentially, do I leave all of the security between client and server down to SSL, is that how Facebook and Google do it for instance?
Simply using SSL will handle all the encryption so the data will be protected in transit.
Authentication, authorisation and defences against XSS and CSRF need handling separately. (Although you can use SSL client certs for authentication).
XSS is something to watch out for in particular, if an attacker can inject JS into the page, then it can access the data in the browser where (unlike when it is in transit) it isn't encrypted.
This may not be exactly what you mean but even with SSL it's a good idea to use password salts in the database. There's no good reason for you to store plain text passwords in your database. Even if the data stored on your servers isn't all that sensitive since users typically use the same password across sites if your database is compromised you may be giving out the password to something serious like their online banking.
Personally I prefer to take it a step farther and implement a challenge response scheme on top of salting passwords. It's pretty easy to implement and that way my server rarely ever sees the user's actual password with the exception of during sign up. In my opinion, the less my server knows, the better.