The reverse proxy would only be needed if the login servers must remain hidden. Otherwise, having login.example.com set a domain cookie for .example.com, which is the authentication token for static.example.com, should be enough.

Many popular sites use the separate login server approach.