
WP and BBpress sharing login across different domains


  • jel3
    Member

    @jel3

    Is this possible? I’ve tried every configuration I can think of and it’s just not working. Am I just missing something simple or is it not possible?

Viewing 6 replies - 1 through 6 (of 6 total)

  • howtogeek
    Member

    @howtogeek

    The problem is that WordPress and BBpress both use cookies for login.

    Since your browser will only send the cookie for the domain that it was set on, it’s not going to work automatically.

    You could use the same login database, of course. It’s just not going to be transparent.


    jel3
    Member

    @jel3

    I guess I’ll have to set up the wordpress login to redirect to the bbpress login page sending over the user info and then logging them into bbpress and redirecting them back to where they started.

    But that seems like a lot of goings ons for a simple login. Any ideas on how I could simplify that at all?

    Another thought would be to create a plugin to check for the wordpress cookie and then if present set the bbpress cookies.


    Beau Lebens
    Participant

    @beaulebens

    @jel3: it’s possible on different *sub*domains, but not on entirely different domains (transparently, as you said).

    Beau


    Sam Bauers
    Participant

    @sambauers

    There may be some trickery you could do using iFrames to get the two different domains sending cookies at the same time on login. It wouldn’t be pretty though, and you would have to really test your code for vulnerabilities.


    _ck_
    Participant

    @_ck_

    This indeed is a very tricky problem because everything about a browser’s security is designed to prevent this from happening.

    WordPress.com addresses it in one possible way (across multiple domain names) via I believe a hidden iframe (as Sam suggests).

    I’ve noticed cookies are still sent with images loaded from another domain so that might be another way but you’ll still not be able to read them on the server since it’s not the local domain.


    howtogeek
    Member

    @howtogeek

    There’s no simple way to do this… and there’s a ton of possible security holes if you do it wrong.

    You will need to have a database table to store session information, and check that on every page load.

    The iframe approach would need to only indicate that the user was logged on, but make sure you don’t set the password cookie that way… just the sessionid or userid, and then each application would have to check the shared session store.
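
An added example, not part of the thread or of either project's code: a shared session table of the kind described in the last reply, where the cookie carries only a random session id and each application resolves it against the store on every page load. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the shared login database.

```php
<?php
// Added example: shared session store checked by both applications.
// Table name, columns and function names are hypothetical.

function store_init(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS shared_sessions (
        sid_hash   TEXT PRIMARY KEY,   -- SHA-256 of the cookie value, never the raw value
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL    -- Unix timestamp
    )');
}

// Called once after a successful password check on either site.
// Returns the opaque value to put in the cookie; no password material is involved.
function session_create(PDO $db, int $userId, int $ttl = 3600): string {
    $sid = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $stmt = $db->prepare('INSERT INTO shared_sessions (sid_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $sid), $userId, time() + $ttl]);
    return $sid;
}

// Called on every page load by each application with the cookie value it received.
function session_lookup(PDO $db, string $sid): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $sid)) {
        return null; // malformed cookie value
    }
    $stmt = $db->prepare('SELECT user_id FROM shared_sessions WHERE sid_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $sid), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['user_id'];
}

// Logout on one site deletes the row, so the other site's next page load fails the lookup.
function session_destroy(PDO $db, string $sid): void {
    $db->prepare('DELETE FROM shared_sessions WHERE sid_hash = ?')->execute([hash('sha256', $sid)]);
}

// Constructed demo: user id 42 is a sample value.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
store_init($db);
$sid = session_create($db, 42);
var_dump(session_lookup($db, $sid));                 // lookup as either application would do it
var_dump(session_lookup($db, str_repeat('0', 64)));  // well-formed but unknown id
session_destroy($db, $sid);
var_dump(session_lookup($db, $sid));                 // same id after logout
```

Each site would set the returned value in its own cookie with the Secure and HttpOnly flags. How the value reaches the second domain (the iframe approach discussed above) is outside this example.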
