Many websites require a user to input a login identifier, or login ID, and a password before their web servers will grant access to information, products, and services to the user. The combination of the login ID and associated password allows the website to authenticate the user during subsequent visits to the website. Using multi-site user authentication systems, a web user can maintain a single login ID and associated password for accessing multiple, affiliated web servers or services on various domains.
Often, such systems employ “silent” authentication to sign the user into a site or service without re-asking for user credentials (including the user's login ID and password) when the user has previously signed in to an affiliated site or service hosted on a different domain. Authenticated sessions that have aged beyond a pre-determined time span, or have “timed out,” can be refreshed so as to remain valid. However, session refreshes are limited to a single domain, forcing a user to authenticate each individual domain upon the expiration of an authenticated session across multiple domains.