I've just signed up, but find it surprising you've not found an answer elsewhere.
As you've already found out, you can't pass surrogate authentication tokens using cookies.
You've not provided any details on how authentication for your current site is implemented nor the tools you have available for programming the sites. But I'll assume that the authentication mechanism is written in a language which runs on the webserver and uses a cookie to keep track of the session.
In that case, you've already got code on every url which requires authentication to check if the session has been authenticated, and then take the appropriate action - either actioning the request or redirecting to a login page. All you need to do is deal with the scenario where there is no authenticated session and there is an encrypted variable passed in the URL (i.e. as a GET). You decrypt the value, check its valid and create a session at this point. Then on your login page, after a successful login, you redirect, appending the appropriate key/value pair to the URL.
That's a brief overview - there are some tweaks you need to think about (e.g. do you want the same session data shared across all sites, do you want to rebind the session for different sessions to ensure that it doesn't expire server-side) and you also need to think about how you prevent replay attacks (e.g. including a TTL in the encrypted payload, including a randomly generated challenge, but beware of using the client IP address).
Since you're only encrypting/decrypting server-side, symmetric encryption is adequate.