[wp-hackers] Logging a WPMU user into two different domains

horatio bnabble at says.mu
Sun Jul 13 18:36:27 GMT 2008

for any future searchers, this is not correct. setting third-party cookies is
not standard, and would have major security implications. you could
sometimes cheat with remote images, but this has been increasingly closed up
as the browsers find new releases.

Jeremy Visser wrote:
> On Sat, 2008-07-12 at 01:36 -0700, horatio wrote:
>> scenario:
>> 1. user logs into main domain
>> 2. user is forwarded to his custom domain (different root domain)
>> 3. user's login status should be carried over to the new domain
>> whats the most secure and future-proof way to do this?
> Well, to do this, you need to be able to set third-party cookies. This
> is, I believe, allowed by default in all major browsers, but who knows
> -- a major XSS issue could be discovered in the practice, and one day
> soon, third-party cookies may be blocked completely in all browsers by
> default.
> This can be done at login-time. I believe WordPress' (and WordPress
> MU's) cookie-setting functions are defined in pluggable.php, so you can
> override the function so that when you set the cookies, you also set the
> same cookies for the user's custom domain.
> -- 
> Jeremy Visser                                 http://jeremy.visser.name/
> ()                           ascii ribbon campaign — against HTML e-mail
> /\                                               http://asciiribbon.org/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

View this message in context: http://www.nabble.com/Logging-a-WPMU-user-into-two-different-domains-tp18417124p18432321.html
Sent from the Wordpress Hackers mailing list archive at Nabble.com.

More information about the wp-hackers mailing list