Skip to:

cookies (subtle bug?) single sign-on bbpress and wordpress

  • Hi,

    I don’t mean to post twice, but I realized that I replied this to a thread that had already been resolved.. so I am posting a new topic.

    I am trying to integrate bbpress( with wordpress mu (1.3.3), and I am having some issues with cookies for login/logout.

    I’ve tried setting this: (“MD5hash” replaced with my MD5)

    $bb->usercookie = 'wordpressuser_MD5hash';
    $bb->passcookie = 'wordpresspass_MD5hash';

    However, that didn’t seem to allow single sign-on login(meaning, if I am log into wp, go to bbpress and find myself already logged and vice versa)

    Watching the cookies during the login/out process on WP MU, I found that the cookie names that WP MU uses are: “wordpresspass” and “wordpressuser”

    So in config.php for bbpress, I used:

    $bb->usercookie = 'wordpressuser';
    $bb->passcookie = 'wordpresspass';

    This works somewhat, let me explain:

    This scenario works:

    Log into WPMU, refresh bbpress page, I find myself already logged into bbpress.

    Log out of WPMU, refresh bbpress page, I find myself logged out of bbpress.

    Log into BBpress, refresh WPMU, I find myself logged into WPMU

    This doesn’t work:

    Log into BBpress, refresh WPMU (I find myself logged into WPMU) AND THEN when I try to log out from WPMU, I can’t log out.

    I refresh BBpress page, and I am not logged out either.

    If I log out from BBpress at this point, then I am logged out of WPMU as well.

    I have a feeling it might be something with WPMU, but I thought I’d post here first since this is where I found all the information about the integration. Thanks for your help. I am appending my config.php relevant to the integration part.

    $bb->wp_table_prefix = 'wp_';
    $bb->wp_home = '';
    $bb->wp_siteurl = '';
    $bb->usercookie = 'wordpressuser';
    $bb->passcookie = 'wordpresspass';
    $bb->cookiepath = '/';

    thanks for your help.

Viewing 15 replies - 1 through 15 (of 15 total)

  • _ck_


    You have the right approach if you find that log-outs are out of sync.

    You need to watch the cookie names and paths.

    MAKE SURE you clear ALL cookies while you are experimenting with paths and names. If you leave left overs, you are going to get strange behaviors.

    If you leave the page open, even after clearing cookies you may have form post data or session data in there. Close page, clear cookies, THEN confirm behavior.

    If you find that path names and cookie names are absolutely identical, it’s possible that the logout process for WPMU is not robust enough in the way it resets cookies. ie. doesn’t set the date far enough in the past.

    Following the WPMU tag will probably help you bunches. ie.

    _ck_, I cleared all the cookies for this domain when doing the test. I also closed all open pages, and started fresh.

    The three cookies that I see generated when doing this test on both BBPress and WPMU are:




    I’ll look at the code for logging out of wpmu, and also see if anything gets changed in the database. I’ll then compare that to how BBPress logs out and see if it makes any changes in the database too.

    Thanks for the link, but he basically added:

    $bb->usercookie = ‘wordpressuser’;

    $bb->passcookie = ‘wordpresspass’;

    And I’ve already done that.



    By the way, since the registration and login/out process in wordpress is a bit more advanced than bbPress, many people just change all the bbpress links for such actions to use the WordPress links. WordPress can even redirect back to the point of logout/login.

    I fixed the problem by making changes to the bb_cookie() and bb_logout() since wpmu and bbpress set cookies differently: (the expire times are different). If anyone wants to me to post the code, please let me know.

    Also, I added the “cookiedomain” to the config.php

    Here’s the full list relevant to the integration.

    $bb->wp_table_prefix = 'wp_';
    $bb->wp_home = '';
    $bb->wp_siteurl = '';
    $bb->usercookie = 'wordpressuser';
    $bb->passcookie = 'wordpresspass';
    $bb->cookiepath = '/';
    $bb->cookiedomain = '';



    I’m not able to get this working in WPMU/bbpress:

    Using newest versions of both (fresh install 3 days ago)



    bbpress config.php :

    $bb->wp_table_prefix = 'wp_';  // WordPress table prefix.  Example: 'wp_';
    $bb->wp_home = ''; // WordPress - Options->General: Blog address (URL) // Example: ''
    $bb->wp_siteurl = ''; // WordPress - Options->General: WordPress address (URL) // Example: ''

    //if ( isset( $bb->wp_table_prefix ) ){
    $bb->usercookie = ‘wordpressuser’;
    $bb->passcookie = ‘wordpresspass’;
    $bb->cookiepath = '/';
    $bb->cookiedomain = '';
    /* Stop editing */

    Stock WPMU wp-config.php

    Using the following plugins on WPMU:


    Using the following plugins on bbpress:


    display name

    Is there anything else I need to do?

    When I first log in to WPMU I get the following cookies: wordpress_test_cookie (content:’ WP+Cookie+check’) wordpressuser (content username) wordpresspass (content: hash)

    I go to the forum, and I’m not logged in.

    I log into bbpress and I get two more cookies, exactly the same execept for the expiration dates. The WPMU expires at the end of session. The wordpress expires in one week. I do not get another wordpress_test_cookie.


    In WPMU, did you put the bbpress-integration.php in the “mu-plugins” directory or the “plugins” directory?

    I want only the site admin to be able to activate the “bbpress Integration” plugin, but it shows up for all users giving them an option to activate the plugin. That’s not good.

    On the bbPress side, I found that the wordpress-integration is not necessary (I’ve asked about this, but no replies so far), and display name plugin requires some code changes to the BBPress code for it to work properly. It causes permission problems, and I had to dig around the forum where it shows you which code to change.. In retrospect, it probably wasn’t worth the trouble. (Gurus, please correct me if I am wrong, as I am new to BBpress)

    If you want me to look for that thread again, let me know.

    To get single sign-on working properly, you need to make code changes on the bbPress side to bb_cookie() and bb_logout() in pluggable.php along with the config changes I mentioned (which you’ve done already).

    function bb_cookie( $name, $value, $expires = 0 ) {
    if ( bb_get_option( 'cookiedomain' ) ){
    setcookie( $name, $value, $expires, bb_get_option( 'cookiepath' ), bb_get_option( 'cookiedomain' ) );
    setcookie( $name, $value, $expires, bb_get_option( 'cookiepath' ) );

    function bb_login($login, $password) {
    if ( $user = bb_check_login( $login, $password ) ) {
    bb_cookie( bb_get_option( 'usercookie' ), $user->user_login );
    bb_cookie( bb_get_option( 'passcookie' ), md5( $user->user_pass ) );
    do_action('bb_user_login', (int) $user->ID );
    return $user;

    I hope this helps, and please let me know how it works out.


    Thanks for the detailed instructions. After,

    1. modifying the config.php as you stated above

    2. modifying bb_cookie() by not sending the time to setcookie()

    I am able to login and logout on either side, in any sequence.

    One more thing that I have notified (even not serious, but worth mentioning), is that if

    1. login on either side

    2. logout on WPMU

    3. visit bbPress, the first time will show up the user is still logged in

    4. refresh the page, or visit any page, it shows the user NO LONGER logged in

    I guess there may be some logic missing in bbPress for checking the existence of cookie and clear the session, on the first attempt.

    By the way, I didn’t install any plugin for integration on either side

    Sam Bauers


    If you can wait a couple of days, WordPress/bbPress integration is a lot easier with a combination of WordPress version 2.5 and bbPress version 0.9


    Will there be a new release of WordPress MU as well?

    I am not complaining, but I sometimes feel like WPMU is the ugly stepchild in that there is always extra hurdles to get things working with other software. ;)

    Don’t get me wrong, I love WPMU since it allows me to create a blog community and do some really cool things. keep up the good work!

    I am with you horrorshow.

    I use WPMU a lot, but the support on plugins and documentation is far from enough. There seems no official support except the core of WPMU.

    In the past few releases, donncha would merge the equivalent WPMU version after the single version was out for several days.



    Oh, goodie! I’ve already upgraded one of my sites to 2.5 and I love it, but another is integrated with WP (after much heartache and pain) and I don’t want to upgrade if it’s going to break it!



    I was using the Display Name plugin, and now I can’t add new forums to the bbpress. Is there anythingI should do to reverse whatever it did to screw up the permissions?

    After a couple of weeks and double checking I did everthing you outlined up there,, I *still* can’t get the cookie thing straightened out. I just cant seem to get single-login to work.. I’ve tried just about everyting I’ve found on the forum. (maybe that’s it… too many things?)


    just deactivate the “Display Name” plugin and try again, that was the only solution I’ve found. You can reactivate it after you do you changes

    Horrorshow said >>>

    Also, I added the “cookiedomain” to the config.php

    Here’s the full list relevant to the integration.


    There is no config.php file. What file are you talking about? Do you mean wp-config.php in WordPress? If I’m using WPMU, where would these changes go?

    Could you post the entire procedure for integrating bbPress with WPMU?


Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.
Skip to toolbar