[wp-hackers] Logging a WPMU user into two different domains

Jeremy Visser jeremy.visser at gmail.com
Sat Jul 12 12:24:30 GMT 2008

On Sat, 2008-07-12 at 01:36 -0700, horatio wrote:
> scenario:
> 1. user logs into main domain
> 2. user is forwarded to his custom domain (different root domain)
> 3. user's login status should be carried over to the new domain
> whats the most secure and future-proof way to do this?

Well, to do this, you need to be able to set third-party cookies. This
is, I believe, allowed by default in all major browsers, but who knows
-- a major XSS issue could be discovered in the practice, and one day
soon, third-party cookies may be blocked completely in all browsers by

This can be done at login-time. I believe WordPress' (and WordPress
MU's) cookie-setting functions are defined in pluggable.php, so you can
override the function so that when you set the cookies, you also set the
same cookies for the user's custom domain.

Jeremy Visser                                 http://jeremy.visser.name/

()                           ascii ribbon campaign — against HTML e-mail
/\                                               http://asciiribbon.org/

More information about the wp-hackers mailing list