I wish to create an application that will be spawned within a host web
application after the container app has authorized a user. These two
apps are seperately developed/maintained, and can only share
information via the normal methods (post/get, cookies, etc...). What
is the best and most secure way to pass authorization to the spawned
application?