DB Session question
#1

[eluser]stuffradio[/eluser]
Would it be insecure to store the value the user posted in a session of the MD5 password?

What I want to do is, check the session to see if the password they entered when they logged in matches that of their account. That way if someone does manage to manipulate the username of the session, it will still have to check the value of the password to see if it matches.

Any thoughts on this? Would it be too insecure? As far as I understand, they can't really see the session values when they're stored in the database.
#2

[eluser]jedd[/eluser]
[quote author="stuffradio" date="1259890669"]
Would it be insecure to store the value the user posted in a session of the MD5 password?
[/quote]

If not insecure per se, at least pointless or gratuitous.

Just store the user's login name - and if that's present, then you assume they've logged in.

The user can't insert this data into their session, so it's as safe as storing a hashed password and then doing whatever it is that you were thinking you could do with that hashed password to compare it (how?) to the database (on every page load?).

Unless there's some functionality that you're trying to achieve that I've missed.
#3

[eluser]stuffradio[/eluser]
It would be compared to the user table on every page load. Right now I'm just working on the Admin panel section.
#4

[eluser]jedd[/eluser]
[quote author="stuffradio" date="1259892512"]
It would be compared to the user table on every page load.
[/quote]

Can I ask why?
#5

[eluser]stuffradio[/eluser]
So I make sure the user is valid. Actually, I typed something incorrectly. The session table gets called every time a page loads to make sure the username that is logged in is valid and has permission to be there.
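
An added sketch (not code from any poster in this thread) of the arrangement discussed above: the session row stores only the login name, the browser holds only a random session id, and every admin page load re-checks the user table. Python and SQLite stand in for the forum's framework; the table, column and function names are assumptions.

```python
import secrets
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, is_admin INTEGER, active INTEGER);
        CREATE TABLE sessions (session_id TEXT PRIMARY KEY, username TEXT NOT NULL);
    """)
    # Constructed sample accounts (hypothetical schema, not from the thread).
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", 1, 1), ("bob", 0, 1)])
    return db

def log_in(db, username):
    """Call only after the password has been verified; returns the cookie value."""
    session_id = secrets.token_urlsafe(32)  # unguessable; the only value the browser holds
    db.execute("INSERT INTO sessions VALUES (?, ?)", (session_id, username))
    return session_id

def current_admin(db, cookie_value):
    """Per-page-load check for the admin panel: the username, or None if not allowed."""
    row = db.execute(
        """SELECT u.username FROM sessions s
           JOIN users u ON u.username = s.username
           WHERE s.session_id = ? AND u.active = 1 AND u.is_admin = 1""",
        (cookie_value or "",)).fetchone()
    return row[0] if row else None

def log_out(db, cookie_value):
    db.execute("DELETE FROM sessions WHERE session_id = ?", (cookie_value,))

if __name__ == "__main__":
    db = make_db()
    alice_cookie = log_in(db, "alice")
    bob_cookie = log_in(db, "bob")
    print("alice:", current_admin(db, alice_cookie))
    print("bob (not an admin):", current_admin(db, bob_cookie))
    # Sending a username instead of a session id matches no session row.
    print("cookie set to 'alice':", current_admin(db, "alice"))
    # Revoking the permission takes effect on the next page load.
    db.execute("UPDATE users SET is_admin = 0 WHERE username = 'alice'")
    print("alice after revocation:", current_admin(db, alice_cookie))
```

No password hash appears in the session row: the username is written server-side at login, and the join against the user table is what enforces validity and permission on each request.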



