Difference with sha256sum result
Are you sure your sha256 function behaves ok? Because it gives me very different values from sha256sum (a Linux command)
For the string "123"
Your function: a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
echo 123 | sha256sum: 181210f8f9c779c26da1d9b2075bde0127302ee0e3fca38c9a83f5b1dd8e5d3b
That has zero effect on real security
I see no reasons to send a hash of a password instead of the password itself. When your packets are intercepted the attacker will receive the hash instead of password. But that means the attacker will generate the same ajax request from him computer and send it to the server, because instead of comparing passwords your server compares hashes.
Just use https and don't simulate the security.