[wp-hackers] Logging a WPMU user into two different domains
Jeremy Visser
jeremy.visser at gmail.com
Sat Jul 12 12:24:30 GMT 2008
On Sat, 2008-07-12 at 01:36 -0700, horatio wrote:
> scenario:
>
> 1. user logs into main domain
> 2. user is forwarded to his custom domain (different root domain)
> 3. user's login status should be carried over to the new domain
>
> whats the most secure and future-proof way to do this?
Well, to do this, you need to be able to set third-party cookies. This
is, I believe, allowed by default in all major browsers, but who knows
-- a major XSS issue could be discovered in the practice, and one day
soon, third-party cookies may be blocked completely in all browsers by
default.
This can be done at login-time. I believe WordPress' (and WordPress
MU's) cookie-setting functions are defined in pluggable.php, so you can
override the function so that when you set the cookies, you also set the
same cookies for the user's custom domain.
--
Jeremy Visser http://jeremy.visser.name/
() ascii ribbon campaign — against HTML e-mail
/\ http://asciiribbon.org/
More information about the wp-hackers
mailing list