Authenticate user on NodeJS connecting from IIS hosted site

I currently have an antiquated CMS system that I'm trying to add a realtime chat feature to. The CMS runs using IIS, MSSQL and PHP.

The chat feature will run from a separate linux box running Nodejs and Socket.io

I've managed to get the CMS to successfully open a connection to the Node server and now I need some way of authenticating the user.

The Node server will NOT have a database behind it
The Node server will NOT be able to access the CMS other than through the socket
The possibility of new CMS users (very regular occurrence) means I can't just copy the users passwords to the Node server

My only idea at the moment is to put together an array of user data (id, name, email address), create a hash of this data and then send both the data and the hash to Node. The Node server would then attempt to hash the data and validate it against the hash sent by the CMS. (obviously both the CMS and Node would have a predetermined private salt for the hashing)

Is there a better way of achieving this?!

php
javascript
node.js
authentication
websocket

A good rule of thumb is: Don't roll your own crypto unless you're a cryptographer, and even then think twice.

My suggestion would be this:

Run both servers over HTTPS, on their own subdomain (same domain obviously)
Use a *.domain.com cookie domain on your session cookie, with the Secure and HttpOnly flags so that both subdomains can see it
Persist your PHP sessions in JSON to an external key/value store which both servers can access
The Node server can then simply look up valid sessions according to the ID in secure cookie