[wp-hackers] Wordpress SSO

Malte Witt m.witt at ia-sh.de
Thu Nov 29 09:13:45 UTC 2012

Different domains ... :-(

Ok, I'm so far now that I know I won't have a chance on the server-side 
and have to deliver a logged out page by default and then check somehow 
with JS and reload the page if needed, but whatever technology I had a 
look at (HTML5 postMessage, CORS+JSON, JSONP) ... they can transfer data 
from domain A to domain B but when I'm on domain A and I'm doing an 
AJAX-Call to domain B, there are no cookies included. So this also is no 
solution, or is it?

Am 29.11.2012 04:43, schrieb Ryan McCue:
> Malte Witt wrote:
>> All plugins I found so far that match "sso" are in fact doing shared
>> authentification and no 'real' sso at all, but I want to login to
>> wordpress A and then surf to wordpress B and still be logged in (or be
>> automatically logged in to wordpress B in that second).
> The question is, are these on the same domain, but different subdomains?
> If they are on the same domain, then you can set various constants
> relating to the cookie domain, etc. [1] [2]
> [1]:
> http://codex.wordpress.org/Editing_wp-config.php#Additional_Defined_Constants
> [2]: http://betterwp.net/282-wordpress-constants/ (see #3)
> If not, you'll have to invent your own solution, since cookies can't be
> shared cross-domain. I know WordPress.com used to have a special
> solution for this for their external domain sites, but I can't seem to
> find that anywhere now. Basically: load in Javascript or an iframe from
> the original domain which has access to those cookies, then use that to
> set the cookies on the domain you're on.

More information about the wp-hackers mailing list