[wp-hackers] Single sign-on with Wordpress & Mediawiki
ai2097 at users.sourceforge.net
Wed Oct 31 20:29:20 GMT 2007
On Wed, 31 Oct 2007 15:33:20 -0400, Callum Macdonald
<lists.automattic.com at callum-macdonald.com> wrote:
> Travis Snoozy wrote:
> Sounds like an interesting approach.
> How does the client application (say WordPress) determine if the user
> is logged in from their cookie?
In WordPress' case, the plugin simply forces a logged-in state with a
call to wp_set_current_user(). The plugin determines logged-in state by
asking the authorization provider whether or not the user is logged in.
How this determination is made (PHP session, in-cookie info, etc.) can
be changed, without affecting how the plugin works at all.
> Is it via a PHP session? If it is, I'm guessing the applications
> would need to be on the same server to share PHP sessions.
Yes, but the implementation could be changed. A nonce or other
time-sensitive, one-use token would also be sufficient for this; it's
just a simple matter of coding. ;)
> I'd be interested to see the code.
Sure thing; I've put the (rough, rough, 10-grit, I hacked it up
in a single sleepless night as a proof of concept and haven't
touched it since rough) prototype up. I'm going to be tied up with
*ahem* "important business" this month, but I'm happy to field
The prototype does handle:
* Account creations
* Password changes (to the "master" account, via WordPress)
It doesn't (yet) handle:
* Password changes (from the "master" account to other products)
* Account deletions
* Account management frontend (i.e., independent of any other products)
* Initial account import/merging
* Initial "unified" admin account setup
* Applications other than WordPress (I'm only familiar with WP's
plugin architecture & codebase ;)
In Series maintainer
Random coder & quality guy
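
The "nonce or other time-sensitive, one-use token" mentioned in the reply above, as an added example that is not part of the original message or of the prototype. It assumes the authorization provider and the client application share a secret key; `issue_token()`, `redeem_token()`, `b64u()`, `TOKEN_TTL` and the in-memory `$seen` store are hypothetical names.

```php
<?php
// Added example. Assumes provider and client share $key out of band.
const TOKEN_TTL = 60; // validity window in seconds (assumed value)

function b64u(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// Provider side: bind user, expiry and a random nonce under an HMAC.
function issue_token(string $key, string $user, int $now): string {
    $payload = b64u(json_encode([
        'u' => $user, 'exp' => $now + TOKEN_TTL, 'n' => bin2hex(random_bytes(16)),
    ]));
    return $payload . '.' . b64u(hash_hmac('sha256', $payload, $key, true));
}

// Client side: returns the user name, or null when the token is forged,
// expired or already used. $seen stands in for a persistent nonce store.
function redeem_token(string $key, string $token, int $now, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64u(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) return null; // verify before parsing
    $c = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($c) || !isset($c['u'], $c['exp'], $c['n'])) return null;
    if ($now >= $c['exp']) return null;     // outside the time window
    if (isset($seen[$c['n']])) return null; // nonce already redeemed
    $seen[$c['n']] = $c['exp'];             // burn it; entry can be purged after exp
    return $c['u'];
}

// Constructed demo values, not taken from the thread.
$key = random_bytes(32);
$seen = [];
$token = issue_token($key, 'alice', 1000);
var_dump(redeem_token($key, $token, 1010, $seen));       // first use
var_dump(redeem_token($key, $token, 1011, $seen));       // same token again
var_dump(redeem_token($key, 'A' . $token, 1012, $seen)); // altered payload
$late = issue_token($key, 'bob', 1000);
var_dump(redeem_token($key, $late, 1000 + TOKEN_TTL, $seen)); // past expiry
```

On a successful redeem, a WordPress plugin would then force the logged-in state with `wp_set_current_user()` as the message describes. The nonce store has to be shared by every client process that can redeem tokens, otherwise a replay against a second worker succeeds.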