If you want to make a nice widget for someone with some Ajax in it, you will learn quickly one thing : Same Origin Policy.
This security feature is a pain for developer, but usefull for anybody, because this prevent XSS injection for example. But, with this, we can make a query in a different domain with the XMLHttpRequest object.
In reallity, you can, but it’s not the same thing if it’s IE or Firefox or Webkit. For IE, we have the XDomainRequest. This object allow to do Ajax query in a different domain, but, you can’t add some headers, and, the most important, you can’t use cookie with it. Second point, same as Firefox, the browser will check if the requested domain accepts query from you (Access-Control-Allow-Origin header).
For Firefox, you can use the XMLHttpRequest object, but you have to check the Access-Control-Allow-Origin header from server.
For Webkit, I don’t really see a dificulty for make Ajax cross-domain query.
If you need cookies for IE, you can add a wrapper in JSONP, like me. And after that give the PHPSESSID all the time in your queries.
