SSO / Cookies / Authentication: Is It Safe?

A related question to mine: authentication cookie

Our current organization has a CAS single sign-on system. I am managing several applications that use native sessions in ColdFusion. I could just use SSO for authentication, but when a user logs out of one of my systems, I want to make sure that I log them out of all of my systems, and I won't know which ones are involved. I am trying to do this in a practical way. The good thing is that all my apps are on the same subdomain. SO ...

I have set three subdomain-level cookies with a 30-minute expiration.

  • Cookie A: contains the user ID
  • Cookie B: contains a string with the expiration date / time
  • Cookie C: contains a HASH of the two with some SALT added

I think that if the user tries to change the user ID, the HASH check will fail. If someone got on the machine and tried to change the expiration date, the HASH check will fail. This way, we hope to make it safe. And when someone logs out, I clear the cookie that is shared by all of them, and if they come back to any system, they are forced to log in again. I check the hash on every page load and update the cookie periodically to extend the expiration date.

EDIT: Also, if a user logs into app 1 and then goes to app 2, I don't use the cookies for authentication; I send them back to SSO, and only if they are still logged into SSO do they get logged in. So I only use the cookies to log them out and to make sure they are still logged in. END EDIT

Aside from having the user id "open" in the cookie, is it safe / where could it fail or be compromised?

I don't want to store sessions or anything like that in the DB if it can be avoided.

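The three-cookie scheme described in the question, worked through as an added example (not code from the question or from CAS/ColdFusion). It uses the standard construction for this job, an HMAC keyed with a server-side secret, in place of a salted hash, compares the tag in constant time, and treats Cookie B as integer epoch seconds; the secret key, the 30-minute TTL, the user IDs and the timestamps are all constructed values for the demo. The `refresh_cookies` step shows why extending the expiry means re-issuing all three cookies, since changing B invalidates C.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for the demo. In a deployment this would be a
# long random value shared only by the apps on the subdomain, never sent to
# the browser. Appending a "SALT" to the hashed data is an ad-hoc version of
# exactly this; HMAC is the construction that is known to be sound for it.
SERVER_KEY = secrets.token_bytes(32)
TTL_SECONDS = 30 * 60          # the 30-minute expiration from the question
PURPOSE = b"subdomain-logout-v1"  # assumed label so the key is not reused for other tags


def _tag(user_id: str, expires: int, key: bytes) -> str:
    """HMAC-SHA256 over (purpose, user id, expiry); the value stored in Cookie C."""
    # Length-prefixing the user id avoids ambiguity if an id ever contains "|".
    payload = PURPOSE + b"|" + str(len(user_id)).encode() + b":" + user_id.encode() + b"|" + str(expires).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_cookies(user_id: str, now: int, key: bytes = SERVER_KEY) -> dict:
    """Issue Cookie A (user id), Cookie B (expiry, epoch seconds) and Cookie C (tag)."""
    expires = now + TTL_SECONDS
    return {"A": user_id, "B": str(expires), "C": _tag(user_id, expires, key)}


def verify_cookies(cookies: dict, now: int, key: bytes = SERVER_KEY):
    """Return the user id if A/B/C are present, untampered and unexpired, else None.

    The tag is checked before the expiry is parsed, so a forged B never
    reaches int() and a missing or altered C fails closed.
    """
    a, b, c = cookies.get("A"), cookies.get("B"), cookies.get("C")
    if not (a and b and c):
        return None
    try:
        expires = int(b)
    except ValueError:
        return None
    expected = _tag(a, expires, key)
    # compare_digest runs in constant time; a plain == would leak timing.
    if not hmac.compare_digest(expected, c):
        return None
    if now >= expires:
        return None
    return a


def refresh_cookies(cookies: dict, now: int, key: bytes = SERVER_KEY):
    """Extend the expiry on page load: verify first, then re-issue all three cookies."""
    user_id = verify_cookies(cookies, now, key)
    if user_id is None:
        return None
    return make_cookies(user_id, now, key)


def logout() -> dict:
    """Logout clears all three cookies on this browser (value empty, expiry in the past)."""
    return {"A": "", "B": "0", "C": ""}


def demo() -> dict:
    """Exercise the honest path and the two tampering cases from the question."""
    now = 1_700_000_000  # constructed timestamp
    issued = make_cookies("alice", now)
    changed_id = dict(issued, A="bob")                       # edit Cookie A
    changed_expiry = dict(issued, B=str(now + 10 * TTL_SECONDS))  # edit Cookie B
    return {
        "valid": verify_cookies(issued, now + 60),
        "changed_user_id": verify_cookies(changed_id, now + 60),
        "changed_expiry": verify_cookies(changed_expiry, now + 60),
        "after_ttl": verify_cookies(issued, now + TTL_SECONDS),
        "after_logout": verify_cookies(logout(), now + 60),
    }


if __name__ == "__main__":
    print(demo())
```

What the tag does and does not give you: it proves the three values were issued by a holder of `SERVER_KEY` and have not been edited, so the two tampering cases in the question fail. It does not prove who is presenting them. A copy of all three cookies taken from the machine before logout verifies just as well from anywhere until B expires, and clearing the cookies in one browser cannot revoke that copy; without a server-side record, the only limits are the TTL, the `Secure` and `HttpOnly` flags, and the round trip to SSO on app entry that the edit describes.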