I would like to be able to log an existing customer into Magento automatically and then redirect them to the live Magento site, logged in. This is between two subdomains on the same server. The login will happen on app.mydomain.com (which is itself just a PHP app; not a Magento site), and then the Magento installation is at shop.mydomain.com.

I've tried a couple dozen permutations of this with no luck. Here's my current code:

// Include Magento app
require_once(config::$magento_root . '/app/Mage.php');
Varien_Profiler::enable();
Mage::setIsDeveloperMode(true);
ini_set('display_errors', 1);
umask(0);
Mage::app('default');

// Initialize Magento session
Mage::getSingleton('core/session', array('name' => 'frontend'));

// Get instance of customer model for the actual website
$customer = Mage::getModel('customer/customer')->setWebsiteId(Mage::app()->getStore()->getWebsiteId());

// Load the client with the appropriate email
$customer->loadByEmail($email_address);

// Get a customer session
$session = Mage::getSingleton('customer/session');

// Login and check the customer by his uid
$session->loginById($customer->getId());

// Redirect to shop home page
Mage::app()->getFrontController()->getResponse()->setRedirect(Mage::getBaseUrl())->sendResponse();

This does manage to log the user in ($session->loginById() returns 1), but upon redirect, the customer is logged out again. I've tried using session_destroy() before doing any of this; I've tried changing Magento's cookie domain to .mydomain.com, but nothing has worked yet. Is this even possible?

I ran into the same issue and found the solution.

$custSessionId='';

if ($session->isLoggedIn()) {
    //The following gives you the session id for that customer.
    $custSessionId = Mage::getModel("core/session")->getEncryptedSessionId();
}

// Redirect to shop home page
Mage::app()->getFrontController()->getResponse()->setRedirect(Mage::getBaseUrl() . '?SID=' . $custSessionId)->sendResponse();

first how you can identify this customer is your existing customer so i don't think you c an find that.. if you have any way to find that this is existing customer then you can autologin to customer and redirect where ever you want.

I don't think it's possible to do this between two subdomains, even if they are on the same server. So after some thought, and based on Steve Robbins' comment, I came up with another (hacky) solution.

From my (non-Magento) app, I looked up the Magento user ID I wanted to log in as and encrypted it. Then I created a PHP file in the root directory of my Magento installation that would decrypt that user ID, log into Magento, and redirect the user to the front page of Magento. After all this, it was simply a matter of passing that encrypted user ID from the app to the PHP file via a redirect with a querystring argument.

I think this could probably better be done with a custom Magento module to handle the routing, instead of a PHP file sitting on the server... but I don't know how to write a Magento module and we're in a time crunch.