@darrenhillconsulting let's say your user input the password once, is there any reason to not set the GUID on the user's employee record ?
if it's integrated with a different system and you want extra security and force user to at least re-enter the password once per session, I would set the GUID on the runtime.Session.set(), and use it from there.
Is there a reason to not use one of those 2 approach ?