WP and BBpress sharing login accross different domains
Since your browser will only send the cookie for the domain that it was set on, it’s not going to work automatically.
You could use the same login database, of course. It’s just not going to be transparent.
I guess I’ll have to set up the wordpress login to redirect to the bbpress login page sending over the user info and then loging them into bbpress and redirecting them back to where they started.
But that seems like a lot of goings ons for a simple login. Any ideas on how I could simplify that at all?
Another thought would be to create a plugin to check for the wordpress cookie and then if present set the bbpress cookies.
@jel3: it’s possible on different *sub*domains, but not on entirely different domains (transparently, as you said).
There may be some trickery you could do using iFrames to get the two different domains sending cookies at the same time on login. It wouldn’t be pretty though, and you would have to really test your code for vulnerabilities.
This indeed is a very tricky problem because everything about a browser’s security is designed to prevent this from happening.
WordPress.com addresses it in one possible way (across multiple domain names) via I believe a hidden iframe (as Sam suggests).
I’ve noticed cookies are still sent with images loaded from another domain so that might be another way but you’ll still not be able to read them on the server since it’s not the local domain.
There’s no simple way to do this… and there’s a ton of possible security holes if you do it wrong.
You will need to have a database table to store session information, and check that on every page load.
The iframe approach would need to only indicate that the user was logged on, but make sure you don’t set the password cookie that way… just the sessionid or userid, and then each application would have to check the shared session store.
- You must be logged in to reply to this topic.