Your option 2 can work if you put the session id in the URL e.g.

1. user logs in to http://non-homesite/login.cgi
2. create a new session (say its id is 123abc)
3. redirect them to http://homesite.com/login.cgi?sid=123abc

If your websites are on different servers, you'll need to store the sessions in the database to make this work.