[wp-hackers] Logging a WPMU user into two different domains

Otto otto at ottodestruct.com
Sat Jul 12 14:38:14 GMT 2008


wp.com sets a cookie on the wp.com domain, and all the references
inside the page, including the login bar and everything else, come
from s.wordpress.com.

Look closely at icanhascheezburger.com, for example.


On Sat, Jul 12, 2008 at 8:39 AM, Viper007Bond <viper at viper007bond.com> wrote:
> Well WordPress.com does it, so it is obviously possible somehow.
>
> On Sat, Jul 12, 2008 at 5:24 AM, Jeremy Visser <jeremy.visser at gmail.com>
> wrote:
>
>> On Sat, 2008-07-12 at 01:36 -0700, horatio wrote:
>> > scenario:
>> >
>> > 1. user logs into main domain
>> > 2. user is forwarded to his custom domain (different root domain)
>> > 3. user's login status should be carried over to the new domain
>> >
>> > what's the most secure and future-proof way to do this?
>>
>> Well, to do this, you need to be able to set third-party cookies. This
>> is, I believe, allowed by default in all major browsers, but who knows
>> -- a major XSS issue could be discovered in the practice, and one day
>> soon, third-party cookies may be blocked completely in all browsers by
>> default.
>>
>> This can be done at login-time. I believe WordPress' (and WordPress
>> MU's) cookie-setting functions are defined in pluggable.php, so you can
>> override the function so that when you set the cookies, you also set the
>> same cookies for the user's custom domain.
>>
>> --
>> Jeremy Visser                                 http://jeremy.visser.name/
>>
>> ()                           ascii ribbon campaign — against HTML e-mail
>> /\                                               http://asciiribbon.org/
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>
>
> --
> Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/
>
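
Why the cookie for the custom domain has to arrive in a response served from that domain (the third-party cookie mentioned in the thread), shown by modelling the browser's cookie domain-match rule from RFC 6265. This is an added example, not code from the thread or from WordPress; the host names are constructed placeholders.

```javascript
// Added example: models the browser's cookie domain-match rule
// (RFC 6265, section 5.1.3). Real browsers additionally reject
// public suffixes such as "com"; that check is out of scope here.

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// True when `host` domain-matches `cookieDomain`: identical names, or
// `host` ends with "." + cookieDomain and is a host name, not an IP.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (h === d) return true;
  return !isIpAddress(h) && h.endsWith("." + d);
}

// Would a browser store a cookie carried by a response from `responseHost`?
// `domainAttr` is the Set-Cookie Domain attribute, or null for a host-only cookie.
function browserAcceptsCookie(responseHost, domainAttr) {
  if (domainAttr === null || domainAttr === "") return true;
  return domainMatches(responseHost, domainAttr);
}

// For each domain that needs the login cookie, report whether the login
// response itself can set it or a request to that domain is required.
function planCookies(loginHost, targetDomains) {
  return targetDomains.map((domain) => ({
    domain,
    settableByLoginResponse: browserAcceptsCookie(loginHost, domain),
  }));
}

// Constructed scenario: login happens on example.com, the user's blog
// lives on customblog.example.net (a different root domain).
const plan = planCookies("example.com", ["example.com", "customblog.example.net"]);
for (const p of plan) {
  console.log(p.domain, p.settableByLoginResponse
    ? "cookie can be set by the login response"
    : "cookie must be set by a response served from this domain");
}
```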

