encrypt password in session (#2988)

The goal is to encrypt password instead of storing it in clear text if the configuration requires to keep the password in session

The password can then be decrypted in a header, attribute or post field when it needs to be sent to another application