Re: bbPress Integration plugin for WPMU
Here is the latest integration rundown. I first lay out some helpful hints to those out there looking for them, and toward the bottom I point out something which the integration plug-in does not properly handle. That is the HTTPS secure cookie upon logging out. Depending on your setup this may cause issues. Most of the time you’ll be ok. If you're like us and have added a proprietary layer of security for internal use only, you like to make sure when your secure cookies expire they expire asap and are completely gone.
I recommend maybe (just a suggestion, as I’m not privy to the dev’s stream of intentions) to query if ‘BB_FORCE_SSL_xxx…’ is set. This is probably a much better indication of scheme than relying on the database option only. I know you're busy, Sam, and that wpmu integration is like the last thing on your list. However, some of the code base is already merging.
Notables: Step #6, Step #7
But before you continue:
1.) Disable Your Cache Server (Varnish/Squid). Go straight to your webserver (Eliminate other causes.)
2.) Get Integration working on plain http first. DO NOT define any force SSL/Admin anywhere on either wpmu/wp/bbpress.
3.) Go back and integrate if you can’t get #2 done. Some helpful hints that work:
3a.) Install wp/wpmu
3b.) Install bbpress
3c.) Install integration plugin for wp. In the option where it says complete URL, that means “http://mysite.com” and not “mysite.com”. If you're _only_ (meaning 100% of the time) ever going to use HTTPS then go ahead and define HTTPS.
3d.) I made sure all key/salts were setup in wp first, and then mirrored them into bb-config prepending BB_ in front of each Define. I defined manually: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, LOGGED_IN_SALT, AND SECURE_AUTH_SALT (7 in total defines).
Once you have HTTP squared away, proceed with SSL:
4.) The integration plugin will try to do some things for you in the backend; it will actually try to do all the cookie work for you. However, it works off values you set via the integration option page and your wpmu site options.
To take control of a few options, go ahead and define MANUALLY the following: (just as the plug-in suggests and more sometimes):
COOKIEHASH, COOKIE_DOMAIN, SITECOOKIEPATH, and COOKIEPATH.
5.) Add to wp-config.php:
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
6.) Add to bb-config.php:
define('BB_FORCE_SSL_USER_FORMS', true);
define('BB_FORCE_SSL_ADMIN', true);
7.) The kicker for me, since I’m using MU Subdomains: I HAD to put into my bb-config:
$bb->cookiedomain = '.mydomain.com'; // Yes, with the dot before the domain.
(This is literally the only direct access object config I set in my PHP file. All the rest is handled by ‘DEFINE’ )
Up to this point you should have integration with HTTP and HTTPS. Back and forth, forth and back, every which way. You should have it done without any manual speed up accessors. If it works, go ahead and add them but make sure you set them correctly. If you're fanatical about security then cross the line, otherwise go get a beer, woman or pillow whatever.
The Line
8.) Log into BBpress. Go to your main blog, and wp will see you have a ‘logged_in’ cookie and will display the site_admin link. Just go ahead and click log out.
9.) Logging out will log you out, except a few cookies are left over. This is because the integration plug-in never inspects the HTTPS scheme properly. It will always look for HTTP. Test this by editing line 182 in the plugin file to read:
$secure = true; //Don’t forget to change me back to false (default).
10.) Repeat, and you’ll notice your cookies (the ones which matter) get blown away.
Notes:
– If you install WPMU 2.8 Alpha/Beta/Etc… you must _NOT_ enable
define( 'WP_AUTH_COOKIE_VERSION', 1 )
as the plugin suggests.
– I DID NOT use any of the “speed up” manual configs which the bbpress integration tool points out. If you can’t get it working without these settings, adding them may not help at all and masks your real issue which is some other settings are screwed.
– You NEED to make sure your URLs are correct. That means every single URL defined in your database in any meta table, options etc… Especially the case with the integration plugin.
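
The leftover-cookie test in steps 8 to 10 can also be run against recorded response headers instead of by eye. The following is an added example, not part of the original post or the plugin's code: it compares the Set-Cookie headers from a login response with those from the logout response and lists every cookie that was set but never expired. The headers are constructed samples, EXAMPLEHASH is a placeholder for COOKIEHASH, the cookie name prefixes are WordPress's defaults, and the logout sample is an assumption modelling the leftover the post describes.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Set-Cookie headers (not captured from a real site).
# EXAMPLEHASH stands in for COOKIEHASH; .mydomain.com is the post's placeholder.
LOGIN = [
    "wordpress_sec_EXAMPLEHASH=x; path=/wp-admin; domain=.mydomain.com; secure; HttpOnly",
    "wordpress_logged_in_EXAMPLEHASH=x; path=/; domain=.mydomain.com; HttpOnly",
]
# Assumed logout response in which only the non-secure cookie names are expired.
LOGOUT = [
    "wordpress_EXAMPLEHASH=%20; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/wp-admin; domain=.mydomain.com",
    "wordpress_logged_in_EXAMPLEHASH=%20; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.mydomain.com",
]

def parse(header):
    """Split one Set-Cookie value into (identity key, attribute dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip()
    # A browser replaces or deletes a cookie only on matching name, domain and path.
    key = (name, attrs.get("domain", "").lstrip(".").lower(), attrs.get("path", "/"))
    return key, attrs

def is_expiry(attrs, now=None):
    """True if the header deletes the cookie (Max-Age <= 0 or Expires in the past)."""
    now = now or datetime.now(timezone.utc)
    if "max-age" in attrs:
        return int(attrs["max-age"]) <= 0
    if "expires" in attrs:
        when = parsedate_to_datetime(attrs["expires"])
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return when <= now
    return False

def leftover_cookies(login_headers, logout_headers):
    """Cookies set at login that the logout response never expires."""
    live = dict(parse(h) for h in login_headers)
    for header in logout_headers:
        key, attrs = parse(header)
        if is_expiry(attrs):
            live.pop(key, None)
    return sorted((name, path, "secure" in attrs) for (name, _, path), attrs in live.items())

if __name__ == "__main__":
    for name, path, secure in leftover_cookies(LOGIN, LOGOUT):
        print(f"still set after logout: {name} path={path} secure={secure}")
```

Replace LOGIN and LOGOUT with the Set-Cookie lines from your own login and logout responses; an empty result means every cookie set at login was expired with a matching name, domain and path.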