A method for transferring session data includes receiving a hypertext transfer protocol (HTTP) request that includes user credential data from a client computer program; determining whether to apply a filter that includes data inclusion condition(s) or data exclusion condition(s) to data pertaining to a session between a first application and the client computer program; storing a data structure containing the user credential data in response to the client computer program not meeting the data inclusion condition(s) or the session meeting the data exclusion condition(s); transmitting an HTTP response that includes an identifier of the data structure and an identifier of a second computer program function, which utilizes the identifier of the data structure to retrieve data to authenticate the client computer program; and erasing the data structure from the memory to prevent replay attacks.