When a Bob logs into the software at Your Site they should be assigned a HTTP cookie (formatted however your app likes) that identifies them on future page requests. Each time Bob requests a page on Your Site, his web browser helpfully (and automatically) sends this cookie along with the request. Your Site recognizes this cookie and knows to keep him signed in as "Bob".When Bob visits Your Forum, ProxyConnect will have access to his entire list of cookies, including the one from your app. ProxyConnect reads that list (name + value pair) and stores it temporarily. Remember, this is all happening lightning fast in the background, before the first page even loads for Bob.Here's where it gets clever and a little bit tricky. ProxyConnect (using information you provide to it during setup) makes a request to Your Site. During that request, it sends the aforementioned list of cookies just like Bob's browser would have done. This lets ProxyConnect pretend to be Bob for this one request. Your Site should then behave as if the Bob himself had visited it. ProxyConnect uses this privileged status to request Bob's UserID, Email Address and Username from Your Site.
Vanilla Forums COO [GitHub, Twitter, About.me]