I thought of an authentication system without SSL that seems reasonably secure. Am I overlooking something important?
- User hits the login page
- Server generates a salt for transmission (t-salt) and stores it in the session
- Server sends the t-salt to the user as part of the login page that loads
- User types in their username and password and clicks submit
- Browser MD5 encrypts their password along with the t-salt
- Browser sends username and MD5 (password + t-salt) to the server
- Server retrieves password from database using username (*) Note below
- Server MD5 encrypts password retrieved from step 7 along with the t-salt that was stored in the session in step 2
- Server compares both of the MD5s from step 6 and step 8
- If they are identical, the login is successfully authenticated
- The server removes the t-salt from the session (added in step 2) to prevent potential replay attacks
* Note that the password retrieved in step 7 cannot be 1-way encrypted (as is common practice) in order for step 8 to work. But 2-way encryption systems can still be used to secure passwords at the database level. (Hey, that comes with the side benefit of allowing a more user friendly password recovery process.)
Aside from my note immediately above, what are the strengths and weaknesses of this scheme?
You send the t-salt and the hashing algorithm. It wouldn't take long to calculate the password inside the hash.
You should reconsider SSL in my opinion.
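The exchange from the question and the point raised in the answer, as an added example that is not part of either post: both sides of the t-salt scheme, the one-shot salt that rejects a replay, and a check showing that the t-salt plus the submitted digest (both sent in the clear without SSL) are enough to test a candidate password offline. The user store, session ids and credential are constructed sample values.

```python
import hashlib
import secrets

# Constructed demo credential store. The scheme needs the server to hold the
# password in recoverable form (the question's note); stored plainly here.
USERS = {"alice": "correct horse"}


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode()).hexdigest()


class Server:
    """Server side of the t-salt challenge/response from the question."""

    def __init__(self, users):
        self.users = users
        self.session = {}  # session id -> outstanding t-salt

    def login_page(self, session_id: str) -> str:
        # Steps 2-3: generate the t-salt, store it, send it with the page.
        t_salt = secrets.token_hex(16)
        self.session[session_id] = t_salt
        return t_salt

    def submit(self, session_id: str, username: str, client_hash: str) -> bool:
        # Steps 7-11: recompute MD5(password + t-salt) and compare.
        t_salt = self.session.pop(session_id, None)  # step 11: salt is one-shot
        if t_salt is None:
            return False  # no outstanding challenge, so a replay is rejected
        password = self.users.get(username)
        return password is not None and md5_hex(password + t_salt) == client_hash


def browser_submit(password: str, t_salt: str) -> str:
    # Steps 5-6: the browser hashes password + t-salt and sends the digest.
    return md5_hex(password + t_salt)


def run_login(server, session_id, username, password):
    """One full exchange; returns (t_salt, client_hash, accepted)."""
    t_salt = server.login_page(session_id)
    client_hash = browser_submit(password, t_salt)
    return t_salt, client_hash, server.submit(session_id, username, client_hash)


def transcript_verifies_guess(t_salt: str, client_hash: str, guess: str) -> bool:
    # The answer's point: both values crossed the wire in the clear, so the
    # transcript alone lets anyone check a candidate offline, no server needed.
    return md5_hex(guess + t_salt) == client_hash
```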