Also, could this simply be done by pointing each site to the same mySQL database?

yes. have you tried it?

I'd use PHP session, and set a $_SESSION variable which would then get checked for at the beginning of each page they visit. This will work fine, as long as you're not needing to remember the username next time they visit (i.e. close their browser).

If you do want to remember the login, you'll need to set a cookie, which is a little more complicated. You can read the basics on setting a session here:

http://www.tizag.com/phpT/phpsessions.php

and here:

http://php.about.com/od/advancedphp/ss/php_sessions.htm

In most cases, once the user's logged in, you really only need one $_SESSION variable across your whole site (username). That would look like this in php, and would go before the opening HTML tag on pages where you need the user to be logged in.

<?php
session_start();
$username = $_SESSION['username'];
?>

On a given page, once you've got the session started and the username php variable set (i.e. $username), then you can use it to call up your user's info from your database. Hope this gives you a start, anyway. Rather than trying to cover the whole thing here, I'd post specific code problems you encounter at each step.

For this you need a session variable that is allowed across subdomains.

$my_ABC_session = session_name("my_ABC_session");
session_set_cookie_params(0, '/', '.site.com');
session_start();

The session_name must be the same on every page in every subdomain or you will generate a new session id. The set_cookie_params is impt to ensure that all subdomains of site.com ('/' is the following path to include).

I've done this on different domains, i'll see if i can find what i did..

I set it so the login updated the token in both databases, then on the redirect included the token in a GET var, which soon as you jump across to the new site it resets a new token so it cant get hijacked.

so login site1 -> token="12345"
go to site2?token=12345 -> logged in token changed to 15343
back to site1?token=15343 -> logged in token changed to 84512

etc.

obviously more complex tokens

also if your site uses cookies a quick fix might be to update the setcookie command

setcookie("token", $token, $expire, "/");

the final var "/" is the path on your domain the cookie will be visible so set it to "/" and it will appear in any subdirectory on your domain, then you just need to write in the token to all login databases.

which should be an UPDATE mysql query eg. UPDATE users set token = '$token'
make it 3 queries updating all 3 sites databases