Using easyXDM messages, I can send a user name to the remote domain (or sub-domain), to automatically log me into that application.
However, I would be surprised if there are no security concerns, and was thinking a token (one shot or once per iframe reload) would be a good idea.
Any suggestions in terms of methods and code? easyXDM is the message transport, and both domains have .php on the server side.
In general, the work I am doing is with WordPress and Moodle, if that helps (WP front end, Moodle embedded)