Storing user credentials to 3rd-party service in the session - is it secure?
I'm developing a custom CMS that is based on a 3rd party software's API (cPanel). I don't need to store usernames+passwords in the DB, but I do need to store username and password while the user is logged in.
I decided to store passwords in the user's session.
I can't use MD5, SHA, hash, etc. because the passwords are going to 3rd party software.
I can't store them in the DB, because I can't use MD5, SHA, etc.
Is it secure to store a user's password in the session? Do you know a secure way?
The third party should supply some kind of session identifier (hash), and you shouldn't have access to the user's username and password, and at all costs, not even have the opportunity to save them in any way...
The password shouldn't be saved, or can you give us one good reason why you need to save the password?
EDIT: This should be the solution: http://docs.cpanel.net/twiki/bin/view/SoftwareDevelopmentKit/ApiAuthentication#Sample%20PHP%20script and http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/RemoteAccess
If you can't use any encryption, don't save the password in sessions, as if anyone got your session key, he can very easily get your password. Saving it in the database will be more secure and appropriate.
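The two answers above describe two defensive patterns: keep only a service-issued token in the session (first answer), and if the plaintext credential really must survive for the whole login, never let one store hold it in the clear (second answer). The following Python is an added example, not code from the question, the answers, or cPanel; it assumes a hypothetical `ThirdPartyApi` class standing in for the remote service and a plain dict standing in for the framework's session store. The split-secret half keeps a random one-time key in the client cookie and the XORed ciphertext plus an HMAC tag in the server-side session, so neither a dumped session store nor a stolen cookie alone yields the password.

```python
"""Added example (not from the original post): keeping a third-party password
out of the server-side session store. `ThirdPartyApi` is a hypothetical stand-in
for the cPanel API; the session is a plain dict as a CMS framework might hold it."""
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


class ThirdPartyApi:
    """Hypothetical remote service: verifies credentials once at login and
    returns an opaque token; later calls are made with the token only."""

    def __init__(self, users):
        self._users = users   # constructed sample data: {username: password}
        self._tokens = {}     # token -> username

    def login(self, username, password):
        if self._users.get(username) != password:
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = username
        return token

    def whoami(self, token):
        return self._tokens.get(token)


def login_with_token(api, session, username, password):
    """Pattern 1 (first answer): the password is used exactly once, at login;
    only the service-issued token is stored in the session."""
    session["cpanel_token"] = api.login(username, password)
    return session


def split_secret(password):
    """Pattern 2 (second answer): if the plaintext must be recoverable during the
    login, split it. Returns (cookie_value, session_value). The cookie gets a
    fresh random key (one-time pad + HMAC key); the session gets ciphertext + tag."""
    pt = password.encode()
    key = secrets.token_bytes(len(pt) + TAG_LEN)
    pad, mac_key = key[:len(pt)], key[len(pt):]
    ct = bytes(a ^ b for a, b in zip(pt, pad))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return key.hex(), ct + tag


def join_secret(cookie_hex, session_blob):
    """Recombine the two halves; refuses to decrypt if the session blob was
    altered or does not belong to this cookie."""
    key = bytes.fromhex(cookie_hex)
    n = len(key) - TAG_LEN
    pad, mac_key = key[:n], key[n:]
    ct, tag = session_blob[:n], session_blob[n:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("session blob tampered or mismatched cookie")
    return bytes(a ^ b for a, b in zip(ct, pad)).decode()


def tamper_detected(password):
    """Flip one ciphertext byte and report whether join_secret rejects it."""
    cookie, blob = split_secret(password)
    corrupted = bytes([blob[0] ^ 0x01]) + blob[1:]
    try:
        join_secret(cookie, corrupted)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    api = ThirdPartyApi({"alice": "s3cret"})   # constructed sample user
    session = login_with_token(api, {}, "alice", "s3cret")
    print("session holds:", list(session))      # only 'cpanel_token'
    cookie, blob = split_secret("s3cret")
    print("recovered:", join_secret(cookie, blob))
```

The token pattern is the one to prefer: the password exists only for the duration of the login call. The split pattern is a fallback for APIs that accept nothing but a password; because the one-time key is as long as the password and never reused, the session half is uninformative on its own, and the HMAC stops a modified blob from being decrypted into garbage that is then sent to the third party.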