ASP.Net Store User Password in Session cookie?

Question

I know the Membership provider stores the user name and an expiration time in an encrypted cookie and then uses that to verify the user is still logged in for a session.

Answer 1

You should store it in session state, which never leaves the server.

You should also try to change those web services to use authentication tickets instead of passwords (eg, OAuth), because it's never a good idea to store passwords in plain text.