[wp-hackers] Logging a WPMU user into two different domains

Andy Skelton skeltoac at gmail.com
Sat Jul 12 16:33:16 GMT 2008


On Sat, Jul 12, 2008 at 3:36 AM, horatio <bnabble at says.mu> wrote:
> 1. user logs into main domain
> 2. user is forwarded to his custom domain (different root domain)
> 3. user's login status should be carried over to the new domain
>
> what's the most secure and future-proof way to do this?

On WordPress.com we have a script called remote-login.php that does
all of this. If you have a WordPress.com account, you can see it in
action by visiting any domain-mapped blog while logged in to
wordpress.com. Here's the rundown:

When you visit a domain-mapped blog (example.com) we include a script like this:
http://wordpress.com/remote-login.php?action=js&...

If you are logged in, cookies are sent with that request to
wordpress.com. Seeing no cookies, the script is blank. If login
cookies are present, the script generates a login key, saves it, and
redirects you:
http://example.com/remote-login.php?login=12345abc67890def

That login key is looked up and if valid, you are given login cookies
for example.com, the key is deleted (one-time use) and you get
redirected to example.com. This time your request includes login
cookies.

The whole process usually takes only a second or two.

Cheers,
Andy
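
The key handoff described in the message above, sketched as an added example; it is not part of the original post and is not WordPress.com's remote-login.php. The names `LoginKeyStore`, `issue` and `redeem`, the 60-second lifetime, the binding of a key to one target host, and storing only a hash of the key are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

KEY_TTL_SECONDS = 60  # assumption: the post does not state a key lifetime


class LoginKeyStore:
    """In-memory stand-in for wherever the main domain saves login keys."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._keys = {}  # sha256(key) -> (user_id, target_host, expires_at)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode("utf-8")).hexdigest()

    def issue(self, user_id, target_host):
        """Main domain: call only after valid login cookies were received."""
        key = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self._keys[self._digest(key)] = (
            user_id, target_host, self._clock() + KEY_TTL_SECONDS)
        return key

    def redeem(self, key, request_host):
        """Mapped domain: return the user id once, or None if invalid."""
        # pop() deletes on first lookup, so a replayed key finds nothing.
        record = self._keys.pop(self._digest(key), None)
        if record is None:
            return None
        user_id, target_host, expires_at = record
        if request_host != target_host or self._clock() > expires_at:
            return None
        return user_id


def demo():
    now = [0.0]  # constructed clock so expiry can be shown offline
    store = LoginKeyStore(clock=lambda: now[0])
    key = store.issue(user_id=42, target_host="example.com")
    first = store.redeem(key, "example.com")   # valid: set login cookies
    replay = store.redeem(key, "example.com")  # key was already deleted
    wrong = store.redeem(store.issue(42, "example.com"), "other.example")
    stale = store.issue(42, "example.com")
    now[0] += KEY_TTL_SECONDS + 1
    expired = store.redeem(stale, "example.com")
    return first, replay, wrong, expired
```

Because the key travels in a URL query string, it can end up in server logs and browser history; one-time use plus a short lifetime keeps a logged key from being worth anything.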

