Instead of storing the password on the user's machine you can store a session id and have the server timeout the session id after a suitable period of time.