Login not detected when visiting mapped domain

Hi,

My main site is Self.my, but visitors login via Self.my needs to login again for sites that enabled domain mapping, like WebStory.my, which is originally webstory.self.my before domain mapping.

Is there any setting that I missed out?

Thanks.

  • aecnu

    Greetings junior,

    Thank you for being a WPMU Dev member!

    My main site is Self.my, but visitors login via Self.my needs to login again for sites that enabled domain mapping, like WebStory.my, which is originally webstory.self.my before domain mapping.

    This effect is caused by the way WordPress works identifying users which is handled by cookies. For example the person logs into self.my and gets cookied for self.my - now when the go to a different site, for this example webstory.my WordPress looks at the cookie - but the logged in cookie does not exist for webstory.my therefore prompting the user to login.

    In contrast, when the user goes to self.my, cookied as logged in, and then proceeds to webstory.self.my the cookie exists for self.my and it is noticed because webstory.self.my is a sub domain of self.my.

    It is my opinion that without this kind of protection by the cookies, one could essentially log into and WordPress site and go form site to site no matter who's and be logged in.

    Cheers, Joe :slight_smile:

    If this thread is not resolved because the suggested action did not work or you have any more questions related to this thread, please feel free to post them below including any new symptoms or errors and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

  • Kimberly

    junior,

    In short, no, there is no fix for this right now.

    The issue comes with the mapped domains. Generally, logging in on a mapped domain subsite does not pass-through the cookie to any other subsite, mapped, or not mapped.

    There is a thread that discusses this exact issue that you might find informative:
    https://premium.wpmudev.org/forums/topic/single-sign-on-to-all-sites-in-my-entire-wp-network

    I would have copied the content, however it's a bit lengthy :slight_smile:

    Best,

    Kimberly

    If this thread is not resolved because the suggested action did not work or you have any more questions related to this thread, please feel free to post them below including any new symptoms or errors and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

  • junior

    Hi Kimberly,

    I think you have misunderstood me, what I stressed was, at least, if I login via webstory.my (originally webstory.self.my), it should also have set the cookie for self.my. Since the plugin should have been able to detect the original site's domain, is it possible to set a cookie at that moment? From my test at my site, trying to login via webstory.my, then visit self.my, it will be shown as not logged in for self.my.

    Best wishes,
    Junior

  • willy

    junior,
    Maybe not Kimberly is who is not understand your question :slight_smile:
    Cookies are distributed from domain where the script runs. If you login at webstory.my the server can't send valid cookie for self.my.
    The trick behind domain mapping plugin, create a css from mapped site if you are logged in, and make an specific site_option (these step only happen now if you visit logged in domain wp-admin area), and if this is loaded (from mapped domain), will send you a cookie for the mapped site. At now the best solution(IMHO):
    1, do not map administrator interface,
    2, after login visit not mapped wp-admin (this will create mapped domain css and load it)
    3, if you visit another mapped domain first visit wp-admin area for this domain (if you able to, because if you are not member of this blog you can't visit wp-admin)
    4, you see, if many domain mapped in multisite you are not easy to get cookies for every domain, but, this is not common issue, because your client stay at one blog at once, or member all the visited blogs...

    Kimberly, these question very often asked please document it (BTW, domain mapping solution not perfect, and without documentation easy to misunderstood)
    And also, please if developer has any time, and want to rewrite a plugin, please contact me.

    Thanks.

  • junior

    Hi Willy,

    Obviously my question is misunderstood again :wink:

    Take a look at this thread which Kimberly pointed me to: https://premium.wpmudev.org/forums/topic/single-sign-on-to-all-sites-in-my-entire-wp-network

    And the OP said:

    Come to find out, the cross domain cookies feature is only keeping a user logged into one sub-site and the main site. And this only seems to work if the user logs in at the sub-site. So if you log in at a subsite of the primary site.com called a.site.com or site.com/a which is mapped to sitea.com domain, you will be logged into all three.

    Which means, if I login via webstory.my (originally webstory.self.my), I should be logged in to self.my as well, but it does not work obviously.

    Thanks.

  • willy

    junior,

    Ok, I try to clarify
    1, webstory.my and webstory.self.my is served by same wordpress install ?
    2, this wordpress install networked and you are the network admin?
    3, are you using domain mapping, and network setting for domain mapping the server ip address and the administrator interface "domain entered by user" or "mapped domain"?
    4, if you click login on webstory.my metabox and log in to blog after if you are try to visit webstory.self.my or otherblog.self.my and login page displayed again?
    if all of first 3 point above true: Your installation does not work as you waiting.
    If you want to work, follow my previous post, set domain mapping settings administrative interface to original domain, if you log in, you are logged in to webstory.self.my and also logged in other.self.my
    if you are visit webstory.self.my/wp-admin/ address and page displayed if you are click display my blog at admin bar or visit webstory.my address any other method after this the login process works as you want, you are also logged in also to webstory.my. if you are miss visiting webstory.self.my/wp-admin/ (login button in meta points to here) you are not logged in webstroy.my (except if you are already got cookie from webstory.my before, but this is an error in this point)
    Might be useful to clean all cookies from your browser related to sefl.my and webstory.my before you test it.
    If i don't understand again, review my first 4 point not correct it please
    Thanks!

  • willy

    Junior
    You are need to understand the following few things
    first:

    I think you have misunderstood me, what I stressed was, at least, if I login via webstory.my (originally webstory.self.my), it should also have set the cookie for self.my.

    This is not works. If one page displayed on webstory.my unable to send cookie for sefl.my. This is a rule.
    second:
    This is not magic, only a simple trick, domain mapping plugin in wp-admin interface on the original domain (webstory.self.my) insert a link to an css file which come from the mapped domain(webstory.my/aa234234.css), and this crafted css file (and some other thing) give you cookie for mapped domain (webstory.my)

  • junior

    Hi Willy and Kimberly,

    Thanks for your reply.

    1. Both webstory.my (originally webstory.self.my) and self.my are on the same multisite install
    2. The domain mapping setting is to log on to "domain entered by user"
    3. Even after commenting out these 4 lines, also no use:

    //define( 'DOMAIN_CURRENT_SITE', 'self.my' );
    //define( 'PATH_CURRENT_SITE', '/' );
    //define( 'SITE_ID_CURRENT_SITE', 1 );
    //define( 'BLOG_ID_CURRENT_SITE', 1 );

    4. But changing the domain domain mapping setting is to log on to "original domain" seems to work.

    So, is the cross domain login only effective if with login to "original domain"?

    Best wishes,
    Junior

  • Kimberly

    It should work like this:

    sub.domain.com -> mysub.com

    These are the orig domains and the mapped domains.

    If I log into sub.domain.com it will automatically create the cookies for mysub.com
    If I log into mysub.com it will automatically create the cookies for sub.domain.com

    if I log into domain.com (the main site) it won't create any cookies because it doesn't have a mapped domain (sub.domain.com does)

  • aecnu

    Greetings junior,

    I would have to confirm this is intentional fopr network security considering the following facts:

    When anyone joins the network they are added as a member/user to the main site.

    If in fact they were then cookied they would be able to traverse the entire network of sites and modify the sites they desire.

    Therefore it is absolutely necessary that they are not cookied on the main site with credentials allowing them to traverse the entire network unchallenged.

    Cheers, Joe :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.