The business requirements I have been working with dictate that users should be able to work across various deployed webapp contexts in our ecosystem with a single password-based login after registering. The databases are a convoluted collection of write-optimized administration tables and read-only datamart tables. The (horizontally scaled) Tomcat 7 application servers sit upstream of nginx 1.2.6 in a single VPC.
may not be the best way to go about intra-domain auto-authentication, but sharing a single cookie for secure.example.com/app2/ is much easier to set up and maintain for now.