Forum Moderators: coopster


Make "register globals=on" secure!

This is an idea of security...

         

marbi

3:05 pm on Jan 29, 2003 (gmt 0)

10+ Year Member



You are not allowed to disable "register globals" in php.ini?

Open a session -> send a session cookie -> get the session_id -> register a variable with the session-id as name -> fill it with the session_id -> register it in the session.

session_start();
setcookie("PHPSESSID", session_id(), 0, "/", "domain.com", 0);
$sess = session_id();
$$sess = $sess;
session_register("all","your","variables","and","$sess");

Check the authentication in every site you have to.
1. If no cookie was transmitted, die.
2. If cookie is ok but there is no session variable with the name of the session_id, die.

// die if the cookie is missing or no variable named after the session id is set
if (!isset($_COOKIE['PHPSESSID']) OR !isset(${$_COOKIE['PHPSESSID']})) die();

Think about it and let me know...
(of course, sending the cookie over SSL would be better)

Xuefer

4:26 pm on Jan 29, 2003 (gmt 0)

10+ Year Member



I don't think your script is related to "register global=on"