I need to implement a solution for one of my project, where I have multiple domains + multiple sub-domains and they all need to share the same session. All domains and sub-domains would be pointed to the single application which is connected to the single database.
Means if user logged in from any of the domain will be able to visit secure pages of other domains of the application. User may change domain via following a link or via opening a new tab in the browser.
I have gone through some articles and found some below mentioned solutions:-
Session in Database - What if other user from same network with same user agent hits?
iFrame message passing - I heard at somewhere, that iFrame renders on document load and, then checking session after showing some page content will annoy the user.
CURL request with CURLOPT_COOKIEFILE & CURLOPT_COOKIEJAR - I have played with this and it is working fine, but don't know if it is secure and not performance killer.
Single Sign On (SSO) - I need some R&D to implement this and it would be the last option.
Please suggest what to do?