I have a web service (abc.com) for my company with its own user database and it is working just fine. Now my company wants to add some additional services which are located on a completely different server with another domain (xyz.com) but still use the same login data from abc.com because we have complete control over it, and there are going to be similar servers like xyz.com, so it is out of the question to just import the user database on xyz.com.
My first thought was to use my checkuser.php from abc.com while submitting the login form from xyz.com but then I learned that the session cookie stuff is bound to the domain. At least that is how I understood it.
After that I wanted to access my checkuser.php via AJAX and HTTPS and submit the session data encrypted via POST to xyz.com. That failed too as AJAX seems not to work across multiple servers for security reasons.
Now I am out of ideas and don't know how I can securely authenticate our users on the foreign servers using our user database.
I would use single sign-on (SSO) instead of a shared session. That way, you don't make the sites' code dependent on each other. If you later decide to change something on one of the sites, there is less reason to worry about breaking functionality on the other sites, and if you choose to link in a new site you are able to reuse the same solution.
What's better is that someone already made it for you, and it may even be more secure than what you'll be able to create yourself.
Wikipedia has some good general knowledge on SSO. Also, look into OAuth and OpenID. Combine these terms with PHP and a search should get you on the right track.
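Added illustration, not part of the answer above and not code from any SSO library: redirect-based SSO protocols such as OpenID Connect have abc.com hand xyz.com a short-lived signed assertion through the browser, which needs neither a shared cookie nor cross-origin AJAX. The function names, the shared HMAC secret and the sample values are assumptions made for this sketch.

```php
<?php
// Hypothetical per-site secret known only to abc.com and xyz.com (constructed value).
const SHARED_SECRET = 'constructed-demo-secret-replace-me';

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// abc.com side: called only after checkuser.php has accepted the credentials.
function issue_assertion(string $user, string $audience, string $nonce, int $now): string {
    $claims = b64url(json_encode([
        'sub' => $user,        // who logged in
        'aud' => $audience,    // which site the assertion is for
        'nonce' => $nonce,     // ties it to one login attempt
        'exp' => $now + 60,    // valid for one minute only
    ]));
    return $claims . '.' . b64url(hash_hmac('sha256', $claims, SHARED_SECRET, true));
}

// xyz.com side: returns the user name, or null if any check fails.
function verify_assertion(string $token, string $audience, string $nonce, int $now): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$claims, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $claims, SHARED_SECRET, true));
    if (!hash_equals($expected, $mac)) return null;            // forged or altered
    $c = json_decode(base64_decode(strtr($claims, '-_', '+/')), true);
    if (!is_array($c)) return null;
    if (($c['aud'] ?? '') !== $audience) return null;           // minted for another site
    if (!hash_equals($nonce, (string)($c['nonce'] ?? ''))) return null; // replayed or injected
    if (($c['exp'] ?? 0) < $now) return null;                   // expired
    return is_string($c['sub'] ?? null) ? $c['sub'] : null;
}

// Constructed walk-through of one login.
$now   = time();
$nonce = bin2hex(random_bytes(16)); // xyz.com keeps this in its own session, then redirects to abc.com
$token = issue_assertion('alice', 'xyz.com', $nonce, $now); // abc.com redirects back with this

$cases = [
    'valid assertion'         => verify_assertion($token, 'xyz.com', $nonce, $now),
    'presented to other site' => verify_assertion($token, 'other.example', $nonce, $now),
    'different login attempt' => verify_assertion($token, 'xyz.com', bin2hex(random_bytes(16)), $now),
    'two minutes later'       => verify_assertion($token, 'xyz.com', $nonce, $now + 120),
    'payload altered'         => verify_assertion('A' . $token, 'xyz.com', $nonce, $now),
];
foreach ($cases as $label => $result) {
    echo str_pad($label, 26), var_export($result, true), PHP_EOL;
}
```

Only the first case yields a user name; xyz.com then starts its own session cookie for that user on its own domain.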