Here are a few points you need to be aware of:
All browser security rules apply. GWT is merely a javascript-to-html presentation. If you cannot pass information from a frame or iframe to another frame in Javascript, you cannot do it with GWT.
Just as with any HTML+Javascript client, GWT is merely a front-end for the log-in window that you are having. Any session information or cookie is still constrained by the "same origin" principle. GWT will not be able to help you dig into the cookie jars of the browser and pass them liberally around.
For client-server apps, you should look at GWT RPC.
For cross-domain apps, you need to look at JSONP.
For unified or single sign-on, you need to look at OpenId.
To share information across domains of a single sign-on, look at OAuth.
For single sign-on for Google only, use Google accounts/federated login.
In a login operation, the GWT widgets used to accept login info will pass that info to the server thro GWT RPC.
Then the server would authenticate the sign-in and if authenticated, the server would trigger the appropriate session cookie to be set on the browser. This authentication process is regardless if you use GWT or Flash or anything else on the browser.
GWT will not be able to help you smash down the security wall the browser makers erected to prevent one site from reading the information of another site.
It may be that you need to understand the basic browser-client to http-server technologies first.