Applications that use hypertext transfer protocol (“HTTP”) often use the concept of session cookies to maintain an authentication assert of a particular user, or client. In HTTP, sessions are maintained by sending a named token in an HTTP header that can be used by the application server to look up or validate the identity of the requestor of the transaction. Such a model works well with Layer 7 (“L7”) applications, where the requestor or client can easily add tokens to the application protocol. However, current methods do not work with respect to service function chains in Layer 2 (“L2”) and Layer 3 (“L3”) oriented services, such as in the service topology layer of a network.