You could store the password as a transient, then pass the transient key in the URL instead so it can be retrieved using that key on the next page.
function process_my_form() {
if ( ! empty($_POST['password']) ) {
$password = ($_POST['password']);
} else {return;}
/* Store Password via Transient API */
$passkey = wp_generate_password(12, false);
add_transient($passkey, $password, 300);
wp_safe_redirect( esc_url_raw( add_query_arg( 'passkey', $passkey, '/secure-window' ) ) );
exit;
}
add_action( 'admin_post_process_my_form', 'process_my_form' );
add_action( 'admin_post_nopriv_process_my_form', 'process_my_form' );
/* Example */
function process_password() {
if ( !strstr($_SERVER['REQUEST_URI'], 'secure-window' ) {return;}
if ( !isset($_POST['passkey']) ) {return;}
$passkey = $_POST['passkey'];
$password = get_transient($passkey);
delete_transient($passkey);
/* ... ... */
}
add_action( 'init', 'process_password' );