I know this is old, but to directly answer the question in lay terms....

Username/hashed-password are credentials that work anywhere & at any time. In contrast, a session ID is a credential that is valid only for one IP address and for only as long as the session is open. Therefore, a username/password has far greater power than a session ID. Therefore, storing user/password credentials is a far greater greater security risk than storing a session ID. Therefore, it's best to store the least risky credential in the browser's cookie store.