What’s the best way to handle authentication across multiple different domains under the same service?

For a social networking site example.com, users all have their own domains. How can you keep someone seamlessly authenticated across all domains?
For the main site, example.com, I am currently using:
<?php
session_start();
//han… Continue reading What’s the best way to handle authentication across multiple different domains under the same service?

Would a hostname from an HTTPS iframe leak if loaded after a successful connection with another HTTPS hostname which displayed the iframe

If your internet traffic had an eavesdropper and you access a website using HTTPS from my understanding they would know the domain name (hostname) that you visit (as well as some other things), but if after logging into that first site (wh… Continue reading Would a hostname from an HTTPS iframe leak if loaded after a successful connection with another HTTPS hostname which displayed the iframe

Why some payment methods allow being embedded in an iframe and some don’t?

Let’s take some examples:

Pay Pal, Apple Pay (examples via Saferpay) – will not load in an iFrame
Visa Checkout, Stripe (example), Saferpay (link above) – credit card data can be input in an iFrame

Is there any technical/security reason … Continue reading Why some payment methods allow being embedded in an iframe and some don’t?