in reply to How to easy transfer parameters betwen html pages.

I agree with Chady that storing any secure information via hidden fields is not the best idea. Someone up to no good could use this as a way to brute force other working logins / passwords. The other option nobody has covered yet is to work with Sessions.

I ran into this problem when designing a virtual host control panel for a client. The difference, though, was that I couldn't use hidden fields, as not all page navigation was through forms. What I did in the end was create a MySQL database that stored the information I wanted to save along with a unique session ID number. This session ID number is what I passed along through the pages and through the HREF navigation sections. Then for each loaded page I had the script check back into the database, retrieve the information stored for that particular session ID and verify it. You can make the session ID a long string of characters and numbers to make it hard for someone else to guess one.

You must make sure that you remove the session IDs from the database promptly once the user has left the site, however, or you'll have a whole other security problem with people trying to guess session IDs all day. I got around this by creating a timestamp field in the table, and every time the user went to a new page this field was updated to the new time. I then wrote a quick cron script to run every minute that would check the database for expired sessions (sessions that haven't updated the timestamp in, say, 5 minutes).
Hope that helps.
Adam
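The session design Adam describes, as an added example that is not code from his post: a random session ID stored server-side with a last-seen timestamp, verified and refreshed on every page load, and an expiry sweep like his cron job. An in-memory SQLite table stands in for his MySQL table, the 5-minute timeout and all function names are assumptions, and the lookup also rejects an expired row inline, since the cron sweep alone leaves a window of up to one run interval in which a stale ID is still accepted.

```python
import secrets
import sqlite3

SESSION_TTL = 300  # seconds; the "say, 5 minutes" from the post


def open_store():
    """In-memory SQLite table standing in for the MySQL sessions table (constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE sessions ("
        " sid TEXT PRIMARY KEY, username TEXT NOT NULL, last_seen INTEGER NOT NULL)"
    )
    return db


def create_session(db, username, now):
    """Mint a session after login: 128 random bits from the OS CSPRNG, hex-encoded.

    The ID is the only thing that travels in the URL or form; the user data stays
    in the table, so a forged ID has nothing to tamper with, only to guess.
    """
    sid = secrets.token_hex(16)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?)", (sid, username, now))
    return sid


def lookup_session(db, sid, now):
    """Per-page check: verify the ID against the table and refresh its timestamp.

    Returns the stored username, or None for an unknown or expired ID. An expired
    row is removed here too, so it is not honoured before the sweep reaches it.
    """
    row = db.execute(
        "SELECT username, last_seen FROM sessions WHERE sid = ?", (sid,)
    ).fetchone()
    if row is None:
        return None
    username, last_seen = row
    if now - last_seen > SESSION_TTL:
        db.execute("DELETE FROM sessions WHERE sid = ?", (sid,))
        return None
    db.execute("UPDATE sessions SET last_seen = ? WHERE sid = ?", (now, sid))
    return username


def sweep_expired(db, now):
    """The cron job: drop every session not refreshed within SESSION_TTL; returns the count."""
    cur = db.execute("DELETE FROM sessions WHERE last_seen < ?", (now - SESSION_TTL,))
    return cur.rowcount
```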

Re: Re: How to easy transfer parameters betwen html pages.
by merlyn (Sage) on Mar 18, 2001 at 22:15 UTC
    My upcoming WebTechniques column (not yet in print, so not in the website) talks about "branding" a particular browser with a cookie, and then associating that cookie with a user for a time-limited period of time, with the association maintained server-side so there was no chance of spoofing the server. It's actually quite simple with File::Cache. Took about 40 lines of code. Maybe I'll post it as a snippet.

    -- Randal L. Schwartz, Perl hacker