Cross Domain Cookie Sync and Auth

Hello, I feel bad dropping in on so many other topics that have appeared around this board, but in light of there obviously being a need by so many I thought I could bring up some tough questions about authenticating cross domain sites and see if I can come up with a solution.

If you login to your main site, you are authenticated for that domain and all subdomains. As I understand it, the problem stems from the fact that you are not on your mainsite's domain anymore and the cookies are not accessible.

Is it possible we could use a solution like this http://flcookie.flensed.com/documentation.php to patch-over the cookies? It seems that is what it was made for. While I'm not a big advocate of flash, and I understand that I would need to add each custom domain to a crosssite.xml in the root of the domain, the fact is most users have flash. It works in 99% of browsers. This seems like it could be a solution to our problems.

  • Jason

    I got the single signon working, but I was forced to mod a core file, with only one line of code.

    in the wp-login.php I added a line of php that checks if the domain is the "Master Site" and if not, then direct you there....

    //domain redirection (one line)

    if ($_SERVER['HTTP_HOST'] != "poteau.me") { header("Location: http://poteau.me/wp-login.php?".$_SERVER['QUERY_STRING'] , true, 302);}

    //end

    You should only have to change the poteau.me to whatever the domain of your mastersite is.

    This was if they access theirsite.com/wp-admin and it takes them to their own login (theirsite.om/wp-login.php) it will take them back to the master site to do the login.

    With the domain mapping plugin on the wordpress plugin repo the offical domain mapping plugin has been updated for wordpress 3.3 and supports cross domain login built in. It is also supposed to do this redirect that I hacked together, but the redirect was not working for me with nginx, and I am not knowledgeable enough about nginx rewriting to have done this in the site.conf file, so I was forced to fall back on php. Hopefully in the future, we won't need this anymore.

    So you may not even need this manual redirect, but I had to. Also, Chrome caches redirects, which should be against some sort of law. lol