if you are using the cookies based authenticate, then you can also save
the user name into the cookies. For password, I am not sure it is a good
idea to save it in client side.
I think the better way is to use authenticated_userid to identity the
user and return whatever necessary to the request.