How To Authenticate Across Subdomains

Question


I'm working on a web application which actually consists of two applications under the hood. One application is called account and handles all things related to user accounts such as authentication, registration and management of the account. I also have an application we'll just call web.

The thing is that account listens on https://account.domain.com using SSL/TLS, and web listens on http://www.domain.com.

What options do I have for having people log in and authenticate on account.domain.com and then redirecting them to www.domain.com where they're actually then logged in? As far as I know, you can't set up a cookie on account.domain.com and then have it work on domain.com as that would be a security risk.

Some background details about my applications:

  1. Written in the Go programming language.

  2. Makes use of the Gorilla Toolkit for most of the HTTP/HTTPS interfacing, URL routing and handling POST/GET parameters.

  3. Both applications live on the same virtual server.

What I'm looking for is a secure way to authenticate and manage a session across all subdomains of, and the actual domain, domain.com. I'm not particularly well versed in this subject, so aside from setting cookies, I don't know much.

Answer 1

Score: 6


I'm not familiar enough with gorilla, but something like this should work:

package account // hypothetical package name; the answer gave only the snippet below

import "github.com/gorilla/sessions"

// One cookie store shared by all handlers. The key signs (and can encrypt) the
// session cookie, so use a long random value instead of this placeholder.
var store = sessions.NewCookieStore([]byte("something-very-secret"))

func init() {
	store.Options = &sessions.Options{
		Path:     "/",          // replacing Options drops the default Path, so set it again
		Domain:   "domain.com", //this: cookie is sent to domain.com and all its subdomains
		HttpOnly: true,
	}
}

Basically you just have to set the cookie's domain to .domain.com (with the prefix .); there's a more detailed explanation in https://stackoverflow.com/a/1063760/145587

//edit

According to @Volker, the dot isn't needed (see comments).
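The cookie scoping this answer relies on, as an added example that is not part of the original answer or of Gorilla: Go's standard-library cookie jar stores cookies as if https://account.domain.com had set them (constructed, nothing goes over the network) and reports which of them a client would send to www.domain.com, domain.com and an unrelated host, including the plain-http www.domain.com from the question. The login URL, the cookie names and other-domain.com are made up for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/cookiejar"
	"net/url"
)

func mustURL(raw string) *url.URL {
	u, err := url.Parse(raw)
	if err != nil {
		panic(err)
	}
	return u
}

// sentTo returns the names of the cookies the jar would attach to a request for rawURL,
// i.e. what a browser would send to that host after logging in at account.domain.com.
func sentTo(jar *cookiejar.Jar, rawURL string) []string {
	var names []string
	for _, c := range jar.Cookies(mustURL(rawURL)) {
		names = append(names, c.Name)
	}
	return names
}

// newJar stores four session cookies as if one login response from https://account.domain.com set them (constructed, no network); they differ only in scope.
func newJar() *cookiejar.Jar {
	jar, _ := cookiejar.New(nil) // nil public-suffix list: fine offline, never for a real client
	jar.SetCookies(mustURL("https://account.domain.com/login"), []*http.Cookie{
		// No Domain attribute: host-only, returned to account.domain.com alone.
		{Name: "hostonly", Value: "1", Path: "/", HttpOnly: true},
		// Domain as the answer suggests: returned to domain.com and every subdomain of it.
		{Name: "shared", Value: "1", Path: "/", Domain: "domain.com", HttpOnly: true},
		// Leading dot, as the answer first wrote it: RFC 6265 ignores the dot, so same scope.
		{Name: "dotted", Value: "1", Path: "/", Domain: ".domain.com", HttpOnly: true},
		// Secure: same scope, but never sent over plain http, so http://www.domain.com misses it.
		{Name: "secure", Value: "1", Path: "/", Domain: "domain.com", Secure: true, HttpOnly: true},
	})
	return jar
}

func main() {
	jar := newJar()
	for _, t := range []string{"https://account.domain.com/", "https://www.domain.com/", "http://www.domain.com/", "https://domain.com/", "https://other-domain.com/"} {
		fmt.Printf("%-28s gets %v\n", t, sentTo(jar, t))
	}
}
```

The jar applies the same domain, path and Secure matching rules a browser does, so the output shows directly that the web app on http://www.domain.com only ever receives the session cookie if it is not marked Secure, which means it travels in cleartext on that hop.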

  • Posted by huangapple on 2014-09-01 23:46:16
  • When reposting, please keep the link to this article: https://go.coder-hub.com/25609270.html