Is this a desktop app or a web app? I ask because you are referring to a browser and the approaches in these two cases are different.
For the web approach, Firebase is a good solution as they have standardized the most common login flows. There are many other options using passport.js and you will need to make it work with your code on the server side.
For a desktop app, if you use Java, then you will need to use a client SDK library that manages sessions and a third-party library for encryption. For the latter, it is recommended "not to do it yourself".
I am assuming you are also working in your server code?
- I like what you said: "I don’t want to set a fixed key on the client side". That is generally good.
- On a side note, you said this: "using their encrypted username from the server side". From the screenshot you shared, it seems to me you are passing the encrypted username and the “encrypted” (?) passport in the request, and the latter is used to decrypt the former. In other words, you are sending the safe and the key in the same message, which is not a good idea. My suggestion: do not encrypt the username.
- Password encryption is very important and it should be managed by a reputable third-party library. You will not need to decrypt the password… ever. You always compare the encrypted versions to the one stored in the DB to validate the session, and this is done on the server side. Second, I will not be concerned about encrypting the username, especially if the username is visible in public places. For example, my username here is “kfrajer” so no need to encrypt it if not needed.
Do you want to explore login flows? I can see you are using PHP. I would suggest you pick up a PHP book and read the 2 or 3 chapters related to session management, and it will give you the foundations to work on your project.
These are some points here and there about sessions. The topic is just wide. I recommend the guides from Kevin, specifically the ones under the server section. He is even around in this forum or you can post questions in his forum.
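
An added example, not part of the original post and not the poster's code: a server-side credential check in PHP where the username stays in plaintext and the password is stored only as a one-way hash that is never decrypted. It uses PHP's built-in `password_hash()` / `password_verify()` rather than a third-party library; the in-memory array standing in for the database and the names `register_user` and `verify_login` are assumptions made for the sketch.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the users table: plaintext username => password hash.
$users = [];

function register_user(array &$users, string $username, string $password): void
{
    // One-way hash; the algorithm, cost and a random per-user salt are
    // embedded in the returned string, so there is no key to store or ship.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function verify_login(array &$users, string $username, string $password): bool
{
    // Unknown usernames are checked against a dummy hash so that both
    // paths perform the same amount of hashing work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy;

    // password_verify() re-hashes the submitted password with the salt
    // stored inside $hash and compares the results; nothing is decrypted.
    $ok = password_verify($password, $hash) && $known;

    // Upgrade the stored hash transparently when PHP's default changes.
    if ($ok && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

// Constructed sample account and login attempts.
register_user($users, 'alice', 'correct horse battery staple');

var_dump(verify_login($users, 'alice', 'correct horse battery staple'));
var_dump(verify_login($users, 'alice', 'wrong password'));
var_dump(verify_login($users, 'nobody', 'anything'));

// Hashing the same password twice gives different strings because of the
// random salt, which is why the check goes through password_verify().
$a = password_hash('same input', PASSWORD_DEFAULT);
$b = password_hash('same input', PASSWORD_DEFAULT);
var_dump($a === $b);
```

Run with `php` on the command line (PHP 7.4 or later); in a web application the array would be replaced by a database lookup keyed on the plaintext username.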