On my site, when a user initially visits and they do not have an assigned session token, a 307 redirects them to a subdomain where the token is applied, and then brings them back to the page they were currently on. This is done for SSO across multiple domains and CNAMEs.
But the 307 has a problem when social share buttons (Facebook, Twitter, Google Plus) are involved. The redirect is called, but the social sites appear to never leave the SSO subdomain.
I realize there are a few ways to solve this problem, so my questions are:
What are the request domains of Facebook/Twitter/GooglePlus so logic can be worked in to not have them redirected to the SSO domain?
Why aren't the social sites following the 307 redirect?
Can the social sites have a cookie or session attached to them?