How do I authorize users (logged into my website) to use my firefox addon

I made a Firefox addon using the Greasemonkey script compiler at arantius.com/misc/greasemonkey/script-compiler. The addon gets data from my server and displays it on 3rd party websites. Now I want to restrict access to authenticated users only. What is the best way to do this?

The users have an acount on my website (made with Drupal 7), which sets a session-cookie on login. So I tried to get my addon to read the session-cookie, send it to the backend, which then checks the login state.

But since the javascript of my 开发者_高级运维addon runs in the scope of the 3rd party website, it's not allowed to access my cookie. I get this error:

Error: <http://de.wikipedia.org> wurde die Erlaubnis für das Lesen der Eigenschaft XPCComponents.classes verweigert.

(en: "Error: wikipedia was not allowed to read the property XPCComponents.classes")

Dispite security concerns I tried to use unsafeWindow, but the code still fails:

try {
    unsafeWindow.netscape.security.PrivilegeManager
    .enablePrivilege('UniversalXPConnect');
    var cookieMgr = Components.classes["@mozilla.org/cookiemanager;1"]
    .getService(Components.interfaces.nsICookieManager);
}
catch (errorInfo)
{
    alert(errorInfo);
}

I know now that cross domain cookies are not supposed to be possible. But how can I get around this? How do other addons do authentication (e.g. Delicious Bookmarks, StumbleUpon and so many others).

Any hints or pointers would be very much appreciated.

Use GM_xmlhttpRequest to request the login state at your website?

As an alternative you can also use GM_setValue/GM_getValue to store the login status.