(I may have gotten the domains switched around in this answer, but the theory should be the same.)
Your best bet would be to do a cross-domain AJAX request from the gamekeg.com login page to customazon.com (you'll need to send some special headers to allow the cross-domain request — read more on that link). Under normal circumstances, this is impossible unless you control both sites (which you seem to).
On the gamekeg.com login page, after the user has successfully logged in, you can make a call like this:
// I don't expect you to use jQuery, but I don't recall the entire
// AJAX process off of the top of my head. You may have to set
// xhr.withCredentials = true or something.
$.ajax(
"http://customazon.com/ajax_login.php",
{
"username": <?php echo $username; ?>,
"password_hash": <?php echo $password_hash; ?>
}
);
ajax_login.php
might be something like:
// Send appropriate cross-domain headers here.
// In addition, you must configure your crossdomain.xml in your root.
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Origin: http://source.com");
header("Access-Control-Allow-Headers: Content-Type, *");
if (isset($_POST["username"]) && isset($_POST["password_hash"])) {
setcookie("username", $_POST["username"], time() + 24 * 60 * 60);
setcookie("password", $_POST["password_hash"], time() + 24 * 60 * 60);
}
Then, on the frame container, you can do a check every so often to see if the user is logged in (readCookie
taken from QuirksMode):
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
function checkAjaxLogin() {
if (readCookie("username") !== null && readCookie("password")) {
// You're logged in now; refreshing the page should
// do the rest, assuming the cookies are named correctly.
window.location.refresh();
}
}
If you can use Flash, however, the process might be expedited as Flash requests don't care about cross-domain policy. However, I haven't the skill in Flash to provide an example and there's probably plenty, anyways.