Try setting this in your wp-config:
define('COOKIEPATH', '/');
define('COOKIE_DOMAIN', 'example.com');
Hi Mika,
Thanks for the reply, I did some tries and it seems to works.
The only thing I noticed is that, with these constants defined, the wp_admin_bar will display everytime, even if I visit other subdomain websites.
Tha’t quite easy to solve but, in general, I wish to ask if defining these constants will involves in possible security problems.
Thank you very much.
Well… Yes because you’re logged in on the other sites. You can’t have it both ways.
it seems that he is not authenticated in the primary blog (domain.com), so the signup form ask for the entire registration flow (user signup + blog signup).
The only way to be authenticated on ALL blogs is to be authenticated on all blocks.
Hi Mika,
Maybe a more strong solution, instead of defining constants, could be forcing users to log in only from the main site (redirecting them to the main site login page, e.g. from site.domain.com/wp-login.php to http://www.domain.com/wp-login.php, solution here), and after a user logs in, redirect him to his primary blog dashboard, using the login_redirect filter.
What do you think about this?
Thank you very much again!
AH! Okay, so you should give us the full goal when explaining problems, so we can guide you to the best solution.
So let’s mae sure I have this:
1) Users should be sent to THEIR site no mater where they log in
2) Users should be logged in to all sites on the network once they log in
Is that right? If so, the cookie code handles #2.
For #1 read this: https://wordpress.org/support/topic/automatic-redirection-to-child-site-from-main?replies=15#post-1844523
Yes, my goal is to let a user to stay logged in both in their personal websites and in the main blog, so that when he woulds “signup for another blog” he don’t have to logs in again in the main website.
I think that both solutions could be fine.
Your first solution achives the goal, but we can get in possible security problems. Also, I noticed that a user see his frontend admin bar when he visits a stranger blog. That’s could get him in confusion.
Reason why I was thinking about second solution.
Let’s say that I’m trying to find the best solution to give users a perfect user-experience, without getting them in confusion.
That’s the reason why I was take in consideration more than one way.
Thank you very much for your help and excuse me for my not clean explanation 🙂
Users, ah, find a way.
Sorry, bad Jurassic Park 2 joke. However here are the things to keep in mind.
If you JUST redirect them to their own site (with the link I gave you for a how to), then they MAY still notice they’re logged in on the other site.
If you have a WordPress.com account and, like me, are logged in all the time, you will find things like Time and TVLine are on .com as well because you get the admin bar. So the best you can do is tell people “Yes, this is a network of sites, you will be able to see the other sites and be logged in as a reader.”
Hi Mika,
thanks for the reply, I did many tries to see how the system works and if everything works fine.
I noticed that defining these constants give an issue with the login cookies.
It seems that the problem comes out when login cookies expire.
The system logged me out and it can’t let me login again, bringing me (super_admin) into a login redirect loop.
The problem is with a subdomain, not with the main domain.
for example, when I attempt to login from
http://site.domain.com/wp-login.php
after authentication, I get redirect to
http://site.domain.com/wp-login.php?redirect_to=http://site.domain.com/wp-login.php&reauth=1
the login page reload asking me to authenticating again, and I can’t login anymore.
Disabling the constants, I’m able to login without any problem.
Did you have experience with this type of problem?
Thank you very much again.
Some experience, yes, but it generally boils down to you need to delete the cookies on your browser and try again, because the OLD cookies are clashing with the defines 🙂
Hi Mika,
I’ve just read your post
http://halfelf.org/2014/mapping-domains-without-plugin/
and you talk about COOKIE_DOMAIN as following:
define( ‘COOKIE_DOMAIN’, $_SERVER[ ‘HTTP_HOST’ ] );
So, what really happen if I wish to map a domain while above constants are defined?
IS there something that I can do to avoid conflicts, or simply I can’t define the constants if I map a domain?
Thank you very much in advance.
So, what really happen if I wish to map a domain while above constants are defined?
It just says “Each mapped domain has it’s own cookie” which is (personally) what I want for SSL security. I have to log in per-domain, but that’s trivial compared with security 🙂
