you wont be able to do that through a hidden field, you cant populate the login form with the users details before they have logged in.
instead, you should edit the authenticate user sever behavior, on the session tab, set the active column to save to a session on login.
then create an access rule based on the active session;
allow if: session active = y