Maintain session state data in a way that keeps it tied to the authentication cookie

I am developing an ASP.NET MVC 3 Application that is essentially a proxy to a database. To lo开发者_如何学Cgin, users must provide their database user and name. (I know it isn't a good idea to use database users as application users, but I didn't design the database, so don't blame me.)

When my users log in, I would like to store in a session variable their username and password:

Session["UserID"] = TheConnectionStringBuilder.UserID;
Session["Password"] = TheConnectionStringBuilder.Password;

However, session state is not intrinsically tied to the authentication cookie, and this could cause problems later. Is there any way to keep session state data in such a way that it remains tied to the authentication cookie?

One of the way could be matching session state time-out with authentication time-out using configuration. For example,

<authentication mode="Forms">
 <forms timeout="30" />
</authentication>

<sessionState timeout="31" />

Yet another way would be to store credentials into some persistent store (such as file) tagged with some generated key and then keep this key in authentication cookie. However, I feel this is a round about way of doing things and I would rather go with session approach.

For some reason, if you don't find the user id/password in the session (for example, application pool recycle), you can force user to re-login (by using FormsAuthentication.SignOut followed by RedirectToLoginPage).