Originally Posted by tangoforce
Well considering the next user would need to know the previous users password, I think its a no-go to be honest. You could also put the users ID number in the form (or a hashed version of it at least / random value) so that you can compare the session data to make sure it belongs to the right user should another login with the same session id.
As per Debbies request, you can save the entire $_GET and $_POST arrays in the session (along with the $_SERVER so you know the original url), do your login and then check / use them as you originally would have done. This is a method I've used for a few years with minimal hassle as I also had the same problem with my site (i have a session time out / password confirmation thing which needed to remember input and act on it after the login page).
The problem is....a good secure login regenerates session IDs/keys at the end of the session/session timeout/logout. So having to compare with session values...that is only possible in where the session IDs are not regenrated and therefore a secure-ish system which is prone to attacks, which I don't think any programmer aims for. See? Ajax based draft saving is the most secure.