cross-domain security concerns in global cart

Is there a work around for cross-domain security concerns using global cart? All the domains on the multisite will be owned by one client in this project and they would like to have a working global cart. thank you

  • Sajid
    • DEV MAN’s Sidekick

    Hi wpmudevorg24,
    Hope you are doing good today :slight_smile:

    There is no way to do this out of the box but there are definitely workarounds and techniques using that we can make enable global cart and sessions.

    I could not find any plugin though that does this but here are discussions and workaround that would be of some help.
    http://stackoverflow.com/questions/13806701/secure-and-flexible-cross-domain-sessions
    http://stackoverflow.com/questions/2956214/cross-domains-sessions-shared-shopping-cart-cross-domains

    Hope that helps! Feel free to post a reply if you need further assistance :slight_smile:

    Kind Regards,
    Sajid

  • Lee
    • Syntax Hero

    Just an after thought.

    Could wp-config.php use $_SESSION[ 'variables' ] to cross the domains with the marketpress global cart?

    using this in wp-config.php now on each re-entry going from site to site.
    define('DOMAIN_CURRENT_SITE', $_SERVER[ 'HTTP_HOST' ]);
    define('PATH_CURRENT_SITE', '/');
    define('SITE_ID_CURRENT_SITE', 1);
    define('BLOG_ID_CURRENT_SITE', 1);
    define( 'COOKIE_DOMAIN', $_SERVER[ 'HTTP_HOST' ] );

    Other question:
    Would https (SSL) be a problem going from one domain to another domain in multisite? Would you need an SSL certificate covering all domains and subdomains? If you have such certificate would it make global cart work?

  • Sajid
    • DEV MAN’s Sidekick

    Hi wpmudevorg24,
    Hope you are doing good today :slight_smile:

    You can tell WordPress to use the cookies of what website for login etc for current site by defining its domain name in wp-config.php file as below:
    define( 'COOKIE_DOMAIN', 'domain.com' );

    For your other question, there are two other types of SSL certificate. One is Wildcard SSL certificate that works on main domain and all of its subdomains and the other one is A Multi-Domain (UCC) certificate for multiple domains.

    For more details about domain mapping and SSL certificate please see this article on our blog that covers this topic nicely and in depth.

    However, I am still not sure whether that will help with sharing the cookies and sessions because the restriction is still same - not to share cookies on cross domains for security reasons.

    Take care and have a nice day :slight_smile:

    Kind Regards,
    Sajid

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.