Skip to:

WP and BBpress sharing login accross different domains

  • Is this possible? I’ve tried every configuration I can think of and it’s just not working. Am i just missing something simple or is it not possible?

Viewing 6 replies - 1 through 6 (of 6 total)

  • howtogeek


    The problem is that WordPress and BBpress both use cookies for login.

    Since your browser will only send the cookie for the domain that it was set on, it’s not going to work automatically.

    You could use the same login database, of course. It’s just not going to be transparent.

    I guess I’ll have to set up the wordpress login to redirect to the bbpress login page sending over the user info and then loging them into bbpress and redirecting them back to where they started.

    But that seems like a lot of goings ons for a simple login. Any ideas on how I could simplify that at all?

    Another thought would be to create a plugin to check for the wordpress cookie and then if present set the bbpress cookies.

    Beau Lebens


    @jel3: it’s possible on different *sub*domains, but not on entirely different domains (transparently, as you said).


    Sam Bauers


    There may be some trickery you could do using iFrames to get the two different domains sending cookies at the same time on login. It wouldn’t be pretty though, and you would have to really test your code for vulnerabilities.



    This indeed is a very tricky problem because everything about a browser’s security is designed to prevent this from happening. addresses it in one possible way (across multiple domain names) via I believe a hidden iframe (as Sam suggests).

    I’ve noticed cookies are still sent with images loaded from another domain so that might be another way but you’ll still not be able to read them on the server since it’s not the local domain.



    There’s no simple way to do this… and there’s a ton of possible security holes if you do it wrong.

    You will need to have a database table to store session information, and check that on every page load.

    The iframe approach would need to only indicate that the user was logged on, but make sure you don’t set the password cookie that way… just the sessionid or userid, and then each application would have to check the shared session store.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.
Skip to toolbar