Designed to be run in concert with SSL Subdomain for Multisite.
This plugin depends upon WPMU Domain Mapping, which must be installed and network activated for this to work.
What this Plugin does
If you have the SSL Subdomain for Multisite plugin installed and network activated, you now have logins and admin happening on
https://demo-site.mynetwork.com, while normal site access is on
This works great. Except, once you log in to
demo-site.mynetwork.com to do some admin work, then visit the main site, perhaps to post a comment as a logged in WordPress user, you are not logged in on the main site. This means that you can’t, for example, post that comment while logged in — you aren’t logged in there! Other logged-in niceties like the display of the admin bar, or the avoidance of caching, are not available. If you log in again, it logs you in to
https://demo-site.mynetwork.com but still you remain not logged in on
This plugin solves this problem by enabling a single sign on (SSO) for both the admin panel and the main site on the custom domain. Upon login, this plugin bounces the user across to the main site to set a cookie there, then bounces them back to the admin panel.
Now, you can work in the admin panel normally, and if you click ‘Visit Site’ from the Admin panel, you go over to the custom domain, where you are also logged in and can perform all actions as normal. Single Sign On!
You are using WPMU Domain Mapping for custom domains on your Multisite network.
You have SSL configured for your master domain (e.g.
www.mynetwork.com), and for the wildcard
*.mynetwork.com. You would like normal site access to happen over the custom domains with HTTP, and all admin and login access over the subdomains of
You have the
You have the
wp-config.phpOFF. We’ll handle that — WordPress’ forcing of SSL admins may confuse this plugin.
This plugin was tested with and is intended to be used in concert with SSL Subdomain for Multisite.
redirect_toparameter is not fully working at present. Sometimes, you will be sent to the root admin page, instead of the specific page you were trying to access. This needs to be improved, as it does compromise the user experience.
This provides better security than only enabling
FORCE_SSL_ADMIN, since with this plugin and SSL Subdomain for Multisite, login and admin are served over HTTPS.
However, the nature of this setup means that a man-in-the-middle attacker could theoretically impersonate you for the duration of the login session. It is not possible at the moment to avoid this theoretical attack scenario without serving everything over HTTPS (making arbitrary custom domain support impossible), or preventing login to the actual custom domain site.
- Install and configure WPMU Domain Mapping to faciliate accessing network sites with custom domains. This is required for this plugin to function at all.
- Configure your web server with your wildcard certificate for your master domain (for example
FORCE_SSL_LOGINto ON in
- Install SSL Subdomain for Multisite.
Now, when you log in to a custom domain-enabled site, you always log in over the SSL-secured subdomain (thanks to SSL Subdomain for Multisite), but you are also logged in to the main site, over its custom domain.
Contributors & Developers
“SSO Cross Cookie” is open source software. The following people have contributed to this plugin.
- Initial release.