Is it secure to store a password in a session? [duplicate]
Keeping plaintext passwords anywhere in any capacity is usually a bad idea. Sessions are safe as such, but only as safe as the rest of your server environment. Administrators or other users both legitimate and nefarious may have access to data stored on it. You never want to handle the secrets of your customers if you can avoid it; that also means you want to avoid seeing the user's password under any circumstances and you should build your code in a way that the plaintext password is as short lived as technically possible.
If you need to use the password for something during a session, you should architect your app so it never uses the plaintext password, but use a key derivation function to derive a key from the password which you then use for your sensitive tasks. This way there's a lot less chance to expose the user's password. Remember, the only security the user has is the secrecy of his password that only he is supposed to know.
If doing so and when hackers get access to your server, they will see the passwords in plain text. Never store plain text passwords (wherever)
About the general question. You ask the user once for the password and verify the crypted password against a crypted password stored - let's say in a database. If they are the same then you start a new session. When the user next tries to access your site, you'll check if a session for this user exists. So there is no need to store the password in the session.