IE7's new security model not allowing cookie to be set in cross-domain iframe

[eluser]Mike Ryan[/eluser]
Hi Dave,

If you have some control over the large company's site, how about something like this:
1) User goes to company.com and sees login form
2) Login form is submitted to company.com/login
3) Company.com/login sends a secure http request to your server with the username/password
4) Your server does the authentication and returns the result to company.com
5) If user authenticated successfully, company.com sets cookie

Although this still uses cookies, it would get around the cross-domain problem with IE7.