Cross-domain authentication

Goal: Force SSL for backend. There’s lots of info in the codex on this for those who don’t know what I’m talking about:

I’ve received many concerned mails about the implications of Firesheep & Idiocy in the last couple days. Frankly, I see the real issue here being people using free wifi and not understanding it. We understand there’s always a risk sending unencrypted packets over a network (the internet), but unencrypted wifi is just plain bad news. Personally, I’d be much happier auto-generating VPN credentials for our paying customers…for various reasons…but our users have spoken. We must have SSL.

Situation: Currently, most of our registered users follow this traffic pattern:

Direct traffic to {ourname.tld} -> Click on login & authenticate -> Auto-redirected to “My Blogs” -> click on “Dashboard” for blog in question -> perform administration of blog

With or without SSL enabled, users have always had to re-login to their mapped domain names if they subsequently try to access a restricted feature from the frontend of the site. They can access their Dashboard from the “My Blogs” link without issue, which takes them to {signupname}.{ourname.tld}, but if they try to use a feature on {mapped-name.tld}, such as the “Preview” button while writing a post/page, they have to do a 2nd login on {mapped-name.tld}. This was never ideal, but it’s how it’s been working, and users have come to accept it.

If we force SSL, when they go to do that 2nd login:

A) they’re vulnerable to the software above

B) they’ll get a certificate error, something that will deeply trouble them (being particularly non-technical and all)

Problem: The redirect from {signupname}.{ourname.tld} to {mapped-domain.tld}, while fantastic, needs to be turned off for logged-in users.

Question about Resolution: How would I go about hacking that functionality into Multi-Domains / Domain mapping system? Through sunrise? Have any of you had to do this before?
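One way to get the effect asked for above without touching the mapping plugin's internals, as an added example that is not code from the post or from the Multi-Domains / Domain Mapping plugin: a small mu-plugin that cancels any cross-host redirect for a logged-in user while they are on a host the wildcard certificate covers, so the secure auth cookie stays valid and no second (plain-HTTP) login happens. It assumes FORCE_SSL_ADMIN is set in wp-config.php, that the certificate covers *.ourname.tld (SSL_PARENT_DOMAIN is a placeholder), and that the plugin redirects through wp_redirect(), which runs the core 'wp_redirect' filter first.

```php
<?php
/*
 * Plugin Name: Keep logged-in users on the SSL-covered subdomain
 * Drop into wp-content/mu-plugins/. Added example; not code from the
 * Multi-Domains / Domain Mapping plugin.
 *
 * Assumptions (not stated in the post):
 *  - wp-config.php defines FORCE_SSL_ADMIN as true, so wp-login.php and
 *    wp-admin are HTTPS-only and the auth cookie carries the secure flag.
 *  - The certificate covers *.ourname.tld; mapped domains have none.
 *  - The mapping plugin redirects through wp_redirect(), which core passes
 *    through the 'wp_redirect' filter first (returning false cancels it).
 */

define( 'SSL_PARENT_DOMAIN', 'ourname.tld' ); // placeholder for the real network domain

// True when $host is the network domain or a subdomain of it,
// i.e. a host the wildcard certificate covers. A port suffix is ignored.
function is_ssl_covered_host( $host ) {
    $host   = strtolower( preg_replace( '/:\d+$/', '', $host ) );
    $suffix = '.' . SSL_PARENT_DOMAIN;
    return $host === SSL_PARENT_DOMAIN
        || substr( $host, -strlen( $suffix ) ) === $suffix;
}

// A logged-in user on a covered host must not be bounced to a host outside
// the certificate: the secure cookie is not sent there, so a plain-HTTP
// second login would follow. Anonymous visitors keep the canonical redirect.
function should_keep_user_on_ssl_host( $current_host, $location, $logged_in ) {
    if ( ! $logged_in || ! is_ssl_covered_host( $current_host ) ) {
        return false;
    }
    $target = parse_url( $location, PHP_URL_HOST );
    return $target !== null && $target !== false && ! is_ssl_covered_host( $target );
}

function keep_logged_in_user_on_ssl_host( $location ) {
    if ( ! function_exists( 'is_user_logged_in' ) ) {
        return $location; // too early in the request to know the user
    }
    $current = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '';
    if ( should_keep_user_on_ssl_host( $current, $location, is_user_logged_in() ) ) {
        return false; // wp_redirect() sends nothing when the filter returns false
    }
    return $location;
}
add_filter( 'wp_redirect', 'keep_logged_in_user_on_ssl_host', 1 );
```

Redirects to another covered host (including HTTP-to-HTTPS on the same host) still go through, so FORCE_SSL_ADMIN keeps working; if the plugin redirects in sunrise.php before the user is known, this filter lets that redirect pass untouched.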