Fast authorization in php?
Good day to all.
Now I am writing a code for authenticating and authorizing users on a site in php.
It looks like this:
the user enters a login\password, the server-side script queries the database, and the query checks for the presence of that user together with md5(password). If such a combination of login and md5 of the password exists, everything is ok.
So on the page (in the control panel) there is code that works through xmlhttp (ajax).
With each such request, you need to hit the database.
This is where the problem lies.
I don't want to torture Her Majesty with such petty validity checks.
Is it possible to do without a base?
No, don't suggest classic sessions (there are a lot of them, they don't get cleaned up properly, fs, inodes, etc.).
I don't want to install memcache or other additional software just for this either.
There is an option.
The authentication method itself should not be changed (when logging in, you will have to hit the database), but for the authorization:
is it possible to get by with only mathematics?
For example, according to the Diffie-Hellman algorithm (I understand how secret key generation works, but I don't understand how to authorize users with it, especially with common g, p).
Or something like this:
the user has a password (md5) and a salt;
sends them to the server;
the server, based on the above data, calculates a secret number:
secretkey + (login, pass, salt) = some_num
And when authorizing, the server performs the reverse operation. The result is the exact same session, but without storing anything on the server.
Are there such methods?
Has anyone used them?
What are the downsides besides storing it all in a cookie in the clear?
Any thoughts on this?
Will it be faster, or is postgres not so bad for a lot of queries?
PS Don't throw stones :)
No, do not offer classic sessions
You can't do the reverse here.
If I understand correctly, the algorithm is something like this:
The client requests authorization with a username and password.
The server checks whether such a login\password exists and, based on a secretkey wired into the script, generates a certain md5 hash (secretkey + login + pass) and gives it to the client.
The client connects to the server again with the hash; the server computes md5(secretkey + login + pass) and compares it with the hash sent by the client.
If it matches, the client is considered authorized.
Here, of course, the bottleneck is the wired-in secretkey: once you learn it, you can log in as any user. It would be easy to brute-force, but to do so you need to know the login\password\hash\algorithm.
PS Use a database if you don't trust sessions. And in cookies it is better to store a token generated during user authorization and check against it.
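For the scheme discussed in the question and in this answer (a self-verifying token so the AJAX requests do not touch the database), the following is an added example, not code from either poster. It replaces the md5(secretkey + login + pass) construction with an HMAC over a payload that contains only the login and an expiry time, so the password never goes into the token and a leaked token cannot be reused forever. The secret key value, the login, and the function names are constructed placeholders; the server secret must be loaded from outside the web root in a real deployment.

```php
<?php
// Added example: stateless, HMAC-signed authorization token.
// Issued once after the login/password has been verified against the DB;
// verified on every later request using only the server secret.
declare(strict_types=1);

// Placeholder secret for the example. Use 32+ random bytes, stored outside
// the web root (e.g. read from the environment), and rotate it periodically.
const SERVER_SECRET = 'replace-with-32-random-bytes-placeholder';

function base64url_encode(string $data): string {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): ?string {
    $decoded = base64_decode(strtr($data, '-_', '+/'), true);
    return $decoded === false ? null : $decoded;
}

// Issue a token: payload = {login, exp}, MAC = HMAC-SHA256(secret, payload).
// Nothing password-derived goes into the token.
function issue_token(string $login, int $ttlSeconds, ?int $now = null): string {
    $exp = ($now ?? time()) + $ttlSeconds;
    $payload = base64url_encode(json_encode(['login' => $login, 'exp' => $exp]));
    $mac = hash_hmac('sha256', $payload, SERVER_SECRET, true);
    return $payload . '.' . base64url_encode($mac);
}

// Verify a token: recompute the MAC, compare in constant time, then check
// the expiry. Returns the login on success, null otherwise.
function verify_token(string $token, ?int $now = null): ?string {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $macB64] = $parts;
    $mac = base64url_decode($macB64);
    if ($mac === null) {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, SERVER_SECRET, true);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $json = base64url_decode($payload);
    if ($json === null) {
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data) || !isset($data['login'], $data['exp'])) {
        return null;
    }
    if (($now ?? time()) >= (int) $data['exp']) {   // expired
        return null;
    }
    return (string) $data['login'];
}

// Usage from the CLI (constructed values):
$token = issue_token('alice', 3600);
var_dump(verify_token($token));              // string(5) "alice"
var_dump(verify_token($token . 'x'));        // NULL: MAC no longer matches
var_dump(verify_token('garbage'));           // NULL: malformed
$stale = issue_token('alice', 1, time() - 10);
var_dump(verify_token($stale));              // NULL: expired
```

When the token is sent to the browser, set the cookie with the HttpOnly, Secure and SameSite options so scripts and cross-site requests cannot read or replay it. The payload is only base64-encoded, not encrypted, so it must never carry the password hash or other secrets. The point raised in the answer still holds: the server secret is the single thing whose compromise lets anyone forge tokens, and a purely stateless design cannot revoke a single token before it expires, which is why the TTL should be short and the secret rotatable.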