[wp-hackers] Logging a WPMU user into two different domains

Viper007Bond viper at viper007bond.com
Sat Jul 12 13:39:56 GMT 2008


Well WordPress.com does it, so it is obviously possible somehow.

On Sat, Jul 12, 2008 at 5:24 AM, Jeremy Visser <jeremy.visser at gmail.com>
wrote:

> On Sat, 2008-07-12 at 01:36 -0700, horatio wrote:
> > scenario:
> >
> > 1. user logs into main domain
> > 2. user is forwarded to his custom domain (different root domain)
> > 3. user's login status should be carried over to the new domain
> >
> > whats the most secure and future-proof way to do this?
>
> Well, to do this, you need to be able to set third-party cookies. This
> is, I believe, allowed by default in all major browsers, but who knows
> -- a major XSS issue could be discovered in the practice, and one day
> soon, third-party cookies may be blocked completely in all browsers by
> default.
>
> This can be done at login-time. I believe WordPress' (and WordPress
> MU's) cookie-setting functions are defined in pluggable.php, so you can
> override the function so that when you set the cookies, you also set the
> same cookies for the user's custom domain.
>
> --
> Jeremy Visser                                 http://jeremy.visser.name/
>
> ()                           ascii ribbon campaign — against HTML e-mail
> /\                                               http://asciiribbon.org/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



-- 
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/


More information about the wp-hackers mailing list