I made a Firefox addon using the Greasemonkey script compiler at arantius.com/misc/greasemonkey/script-compiler. The addon gets data from my server and displays it on 3rd party websites. Now I want to restrict access to authenticated users only. What is the best way to do this?
The users have an account on my website (made with Drupal 7), which sets a session-cookie on login. So I tried to get my addon to read the session-cookie, send it to the backend, which then checks the login state.
But since the javascript of my addon runs in the scope of the 3rd party website, it’s not allowed to access my cookie. I get this error:
Error: <http://de.wikipedia.org> wurde die Erlaubnis für das Lesen der Eigenschaft XPCComponents.classes verweigert.
(en: “Error: wikipedia was not allowed to read the property XPCComponents.classes”)
Despite security concerns I tried to use unsafeWindow, but the code still fails:
    try {
        unsafeWindow.netscape.security.PrivilegeManager
            .enablePrivilege('UniversalXPConnect');
        var cookieMgr = Components.classes["@mozilla.org/cookiemanager;1"]
            .getService(Components.interfaces.nsICookieManager);
    }
    catch (errorInfo) {
        alert(errorInfo);
    }
I know now that cross domain cookies are not supposed to be possible. But how can I get around this? How do other addons do authentication (e.g. Delicious Bookmarks, StumbleUpon and so many others)?
Any hints or pointers would be very much appreciated.
Use GM_xmlhttpRequest to request the login state at your website?
As an alternative you can also use GM_setValue/GM_getValue to store the login status.
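A sketch of the GM_xmlhttpRequest approach suggested above, added here as an example and not part of the original posts. The endpoint URL and the JSON reply shape are hypothetical, and it assumes the request carries the site's session cookie, so the script never has to read the cookie itself:

```javascript
// Hypothetical endpoint on the add-on author's own site; it must check the
// Drupal session server-side and answer with JSON like {"authenticated": true}.
var LOGIN_STATE_URL = 'https://example.com/addon/login-state';

// Interpret the backend's reply. Anything unexpected counts as "not logged in".
function parseLoginState(response) {
  if (!response || response.status !== 200) return false;
  try {
    var body = JSON.parse(response.responseText);
    // Strict comparison: the string "true" or a truthy number is rejected.
    return body !== null && body.authenticated === true;
  } catch (e) {
    return false; // HTML login page, truncated body, etc.
  }
}

// gmXhr is GM_xmlhttpRequest in the userscript; passing it in lets the logic
// be exercised with a stub outside the browser.
function checkLoginState(gmXhr, callback) {
  gmXhr({
    method: 'GET',
    url: LOGIN_STATE_URL,
    headers: { 'Accept': 'application/json' },
    onload: function (response) { callback(parseLoginState(response)); },
    onerror: function () { callback(false); } // fail closed on network errors
  });
}

// In the compiled userscript, where GM_xmlhttpRequest is defined:
if (typeof GM_xmlhttpRequest !== 'undefined') {
  checkLoginState(GM_xmlhttpRequest, function (loggedIn) {
    if (loggedIn) { /* request and render the protected data */ }
  });
}
```

The data endpoint has to enforce the same session check itself; a login flag cached with GM_setValue is only a display hint, since the client can change it.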