WordPress.org

Ready to get started?Download WordPress

Forums

Making site visible only based on cookie from a different site (3 posts)

  1. cw_wp
    Member
    Posted 1 year ago #

    I'm looking for a way to make my site visible only if users have a cookie from logging into another site (webapp). The idea is to hide user documentation (in the WordPress page) from non-users.

    Any other suggestions of a way to do this are very much welcome. I don't want to make users register and log in separately on the WordPress site.

  2. MickeyRoush
    Member
    Posted 1 year ago #

    You could try something using .htaccess in the WordPress site.

    RewriteCond %{HTTP_COOKIE} !^insert cookie string here
    RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?webapp\.com/
    RewriteRule .* - [F]

    Replace "insert cookie string here" with the cookie that is set with the webapp. Also require that they're being referred by the webapp so replace webapp\.com with whatever.

    I guess if you set a PHP Session cookie (session.hash_bits_per_character = 6) your cookie string could look like:

    RewriteCond %{HTTP_COOKIE} !^PHPSESSID=[\w,-]+

    I use something similar but it's for within the site, not going from one site to another.

  3. datdesignguy
    Member
    Posted 1 year ago #

    *edit* I didn't realize that your users weren't already registered on both sites. In that case, you may want to add a hook into your webapp that automagically registers users with both webapp and wp site on registration. OR, using one of the methods below, you can have wordpress create the user on the fly, and just send the user_id back to your webapp, and your webapp could store the wordpress user id for future use. Just a thought...*

    Aren't cookies locked down to a specific domain? I'm not sure if an htaccess is going to do the trick from one domain to the other. You might look at authenticating the user on both the webapp and the wordpress site at the same time, that's how I'd handle it.

    Do you have the ability to hack some of your "webapp's" code to perhaps make an http post request to your wordpress site during the user login process?

    If so, then you could just write a function that receives data only from your webapp's domain, containing some sort of encrypted key that only your webapp would know as well as the email and or user id of the person you want to log in, and just run a "set_user" function call on the wordpress side.

    Not sure that this is a very secure method though, as the call would have to be made through an iframe.

    Alternatively, I think you could also try making a call from your webapp site to your wordpress site that sets a transient containing a nonce and a user_id after a person logs in on the webapp side. Then, you just add a filter to your webapp that appends the nonce as a GET parameter to all of your links to your wordpress site. When the user clicksthrough from your webapp, wordpress looks up the transient and then runs set user.

    Maybe one of those two approaches will help you out?

    Great question though!

Topic Closed

This topic has been closed to new replies.

About this Topic