[Vince]

Please, please, stop using the "mysql" extension. Especially in new projects. The extension has been deprecated and has been completely removed in PHP7. Once hosts start to migrate to PHP7 this code will just cease to work. Use mysqli or PDO instead. It's seriously not that hard.

Also I have no idea why you are even storing the password in a session variable since it is presumably only needed once. But you will need to show where and how you retrieve it, regardless.