I've read that one of the more secure ways to authenticate a user is to use one time salts when hashing the password. What I don't get is:
If the client generates a new salt every session, won't the resulting salt+password hash be different every session? If so, how will the server be able to compare the sent password with its stored password? Is there a way for servers to compare different hashes and still be able to discern that the same password was used?
(Disclaimer: I'm not trying to reinvent the wheel/write a login protocol (I know, I know: use SSL/TLS). I'm just curious as to the high level functioning of login protocols)
You need to generate the salt only once, and maybe again every time the password is changed.
The client need not store the salt anywhere or even be aware of it. The salt will be stored by the server, along with the hash.
It's recommended that you store the hash and the salt in two different databases.
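The flow this answer describes, as an added example that is not part of the original answer: the server generates a random salt when the password is set, stores it with the hash, and reuses that stored salt at login, so the client never handles the salt. The `USERS` dict, the function names and the PBKDF2 parameters are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory "user table" for the example; a real server uses a database.
USERS = {}

# Assumed parameters for this example (not taken from the original post).
ITERATIONS = 200_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(username: str, password: str) -> None:
    """Run at registration and on every password change: fresh random salt each time."""
    salt = os.urandom(SALT_BYTES)
    USERS[username] = {"salt": salt, "hash": _derive(password, salt)}


def verify_login(username: str, password: str) -> bool:
    """The client sends only username and password; the salt is looked up server-side."""
    record = USERS.get(username)
    if record is None:
        # Unknown user: do the same work anyway so response time does not
        # reveal whether the account exists.
        _derive(password, b"\x00" * SALT_BYTES)
        return False
    # Same password + same stored salt -> same hash, so the comparison succeeds.
    candidate = _derive(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    set_password("alice", "correct horse")
    print("right password:", verify_login("alice", "correct horse"))
    print("wrong password:", verify_login("alice", "battery staple"))
    before = USERS["alice"]["hash"]
    set_password("alice", "correct horse")  # password "change" to the same value
    print("hash changed after re-salting:", USERS["alice"]["hash"] != before)
    print("login still works:", verify_login("alice", "correct horse"))
```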