Web Authentication

When requesting authentication (the client requests the login / password input page), the server generates a pseudo-random number that it stores in its database and also sends it to the client. This number is the ID of the login session and its lifetime is limited, for example 5 minutes. During this time, the client must have time to authenticate in the system. Based on the password entered by the client and the resulting pseudo-random number using Java Script, a hash is generated, which is sent to the server along with the user ID and user login. On the server, the identifier is searched in the database, if it is successful, the password is extracted from the database by the login and the hash function is calculated from the password and identifier (that same pseudo-random number). If the hashes match, the login is successful. The identifier from the database is deleted.

Implementing MD4, MD5, SHA-1 in Java Script