The main issue with switching sites and staying logged in is the session that holds their login status is stored in a cookie which is domain specific, so when you go to another domain their session is 'new' to that site and thus they need to sign in.
Along with Matt's recommendation, what we did for another client is created 2 webparts. A "Site Switcher" and a "Auto Login Receiver"
The Site Switcher would, on postback, create a guid and save that user's name along with the guid in a temporary table, with a timestamp. Then it would redirect the user to the other site on the page with the Auto Login Receiver webpart, along with (in the form data) the Guid.
The auto login receiver would check for the guid in the Form Data, and lookup the username on the temp table by Guid, if the record was within say 30 seconds it would use Kentico's API to force log them in, and delete the temporary record.
It was secure enough because the guid (although it was in the Form) it is only usable once and you can't really guess a guid.
This is kind of what Kentico does with it's site switcher tool on the Kentico Admin, if you use it you can be auto-logged into the other site, but if you go to the other site via typing it in the URL you'll be prompted with a username/password login screen.