Implementing a single login for three websites in PHP?

I have a network for three websites that related.

 - site1.domain.com
 - site2.domain.com
 - site3.domain.com

Currently, each submdomain has ~100 accounts in three separate databases. They login separately for each domain. I'd like to create site0.domain.com that lets them authenticate against one database, and then automatically log the user in to each site as they visit them.

I'm not too sure how to do this. I've heard terms thrown around like Open ID and Federations and Single Sign On but I've never wanted to integrate sites like this before.

Any tips on firstly, how this is accomplished technically (I'm using PHP/MySQL) and secondly, what is a good plan for migrating existing user accounts over to use the single sign on without interrupting service?

I'm guessing a user can login via a form on site0 and it will auth the user against a database and create a database row for their session, with an accompanying token. The token is set in a session variable cookie. The user visits site1,site2,or site3 and if a token variable is set in the GET request, it connects to the same database site0 uses, searches for the token, and returns the correct user row. Is that pretty much how this works? Any more technical advice would be great...

As far as migrating, I guess I can have the users create their site0 login or 'connect' their user account to the site0 login if they haven't yet each time they login to one of the sites. After 30 days, all the sites开发者_运维问答 stop accepting normal logins and the user is forced to create a site0 login. When they create a site0 login it asks for their site1,site2,or site3 username/password so it can get the right user information.

---

Take a look at something like SimpleSAMLphp It's a great library for doing this kind of thing.