Sharing Sessions with 302 Redirects/IMG SRC/ JSONP and implications with Google

I am currently researching the best way to share the same session across two domains (for a shared shopping cart / shared account feature). I have decided on two of three different approaches:

Every 15 minutes, send a one time only token (made from a secret and user IP/user agent) to “sync the sessions” using:

1. img src tag

img src="“urlsafebase64_hash”

  • displays an empty 1x1 pixel image and starts a remote session session with the same session ID on the remote server. The png is actually a PHP script with some mod_rewrite action.
  • Drawbacks: what if images are disabled?

2. a succession of 302 redirect headers (almost same as above, just sending token using 302’s instead:

redirect to“urlsafebase64_hash”
then from, set(or refresh) the session and redirect back to to continue original request.

  • Question: What does Google think about this in terms of SEO/Pagerank?? Will their bots have issues crawling my site properly? Will they think I am trying to trick the user?
  • Drawbacks: 3 requests before a user gets a page load, which is slower than the IMG technique.
  • Advantages: Almost always works?

3. use jsonp to do the same as above.

  • Drawbacks: won’t work if javascript is disabled. I am avoiding this option because of particularly this.
  • Advantages: callback function on success may be useful (but not really in this situation)

My questions are:

  • What will google think of using 302’s as stated in example 2 above? Will they punish me?
  • What do you think the best way is?
  • Are there any security implications?
  • Am I not realizing something else that might cause problems?

Thanks for all the help in advance!