[wp-hackers] Logging a WPMU user into two different domains
horatio
bnabble at says.mu
Sun Jul 13 18:28:00 GMT 2008
Ahhh yeah. I assumed I'd have to setup a cross-domain login table like that.
Thanks for confirming and explaining. Shouldn't be difficult, but will you
guys ever release that code into WPMU-land?
Andy Skelton wrote:
>
> On Sat, Jul 12, 2008 at 3:36 AM, horatio <bnabble at says.mu> wrote:
>> 1. user logs into main domain
>> 2. user is forwarded to his custom domain (different root domain)
>> 3. user's login status should be carried over to the new domain
>>
>> whats the most secure and future-proof way to do this?
>
> On WordPress.com we have a script called remote-login.php that does
> all of this. If you have a WordPress.com account, you can see it in
> action by visiting any domain-mapped blog while logged in to
> wordpress.com. Here's the rundown:
>
> When you visit a domain mapped blog (example.com) we include a script like
> this:
> http://wordpress.com/remote-login.php?action=js&...
>
> If you are logged in, cookies are sent with that request to
> wordpress.com. Seeing no cookies, the script is blank. If login
> cookies are present, the script generates a login key, saves it, and
> redirects you:
> http://example.com/remote-login.php?login=12345abc67890def
>
> That login key is looked up and if valid, you are given login cookies
> for example.com, the key is deleted (one-time use) and you get
> redirected to example.com. This time your request includes login
> cookies.
>
> The whole process usually takes only a second or two.
>
> Cheers,
> Andy
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
--
View this message in context: http://www.nabble.com/Logging-a-WPMU-user-into-two-different-domains-tp18417124p18432226.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.
More information about the wp-hackers
mailing list