Bill: WordPress Two-level domain name sharing user Cookie Error solution and WP cookie MECHANISM

In a few years ago, I just started to toss WordPress not long time, I groped for a number of WordPress Web site share a data table implementation method . This seemingly high-class SSO feature gives users a fast, seamless, and transparent sign-in experience across multiple sites.

To give a very simple example, originally there is a WordPress site http://www.example.com（后称网站A） , you suddenly want to add a blog site http://blog.example.com（后称网站B） , then the original 网站A registered users of course do not want to re- 网站B register. This time reflects the value of the issues to be explored in this article.

Don't say much nonsense, just start!

In the following example, all domain name example.com Please replace it with your own domain name

The premise of reading this article is that you already have basic knowledge of website deployment, will deploy a single WordPress website, know how to give WordPress configuration database information, understand the WordPress directory structure.

Deploy Web Site A

1. If you have not yet deployed WordPress, download the source files in the usual way, configure the environment (not to repeat here). record the database name, database user name, database password and other information, and follow the steps to use. (Alternate data A)

2. Edit wp-config.php , add the following in any location:

Define (' Cookie_domain ', ' example.com ');   Define (' Cookiepath ', '/');  

At the same time find a row define(‘XXX_KEY‘, ‘xxxasdas‘) of content (a total of 8 lines), here is set some salt, used to encrypt the cookie. If there is no relationship, some words to copy the content, the following steps to use (alternate data b).

Deploy Web Site B

1. In the file of Site B wp-config.php , fill in the database information that is consistent with site A (backup data a)

2. As with Site A, add the following in any location:

Define (' Cookie_domain ', ' example.com ');     Define (' Cookiepath ', '/');

1. If there is alternate data B (various define ' Xx_key '), paste the paragraphs into site B wp-config.php in full.

2. will be $table_prefix = ‘wp_‘; changed $table_prefix = ‘xxx_‘; ( xxx is any different from wp the string)

3. Add the following content;

Define (' custom_user_table ', ' wp_users ');   Define (' custom_user_meta_table ', ' Wp_postmeta ');  

Key steps to modify WordPress core files

I know, it's disgusting, but after I debug it all night, I really don't have the energy to think about an elegant solution. Please everyone WordPress talent to provide a hook bar ...

According to the above configuration, the user can be www.example.com opened and automatically logged in after login blog.example.com , but the reality is ruthless. Even if you find a cookie that exists under two sites, wordpress_logged_in_xxxx WordPress cannot implement the cookie, and the call is_user_logged_in() returns FALSE.

After my various trace debugs, finally locating wp-includes/default-constants.php a constant in the kernel file COOKIEHASH is the culprit.

The source code is as follows:

Define MD5 $siteurl ) );  

Provide a solution first, then the principle

will be $siteurl changed to your top-level domain string, i.e.

Define MD5

This whole world is refreshing, cookies are finally happy in the same domain under the synchronization!

Explanation of principle

Why does a simple constant cause the cookie to fail synchronously? Let's restore this recursion on a level-by-layer basis.

The following functions are not defined in the same file, and are listed here for logical clarity.

Define(' Cookiehash ',MD5($siteurl ) ); ...Define(' Logged_in_cookie ', ' wordpress_logged_in_ '.Cookiehash); ...Wp_parse_auth_cookie ($cookie= ",$scheme= ' '); //The function returns the contents of the $_cookie according to the $scheme and returns the result,//The $scheme here is the constant "logged_in", and the function internally uses switch//to map "logged_in" to Logged_in_cook IE This constant...Wp_validate_auth_cookie ($cookie,$scheme)  //based on the result returned by the function above, the cookie is further judged to be valid and returned USER_ID...Add_filter (' Determine_current_user ', ' Wp_validate_auth_cookie ', 1); //defines a filter that executes the above function when apply...Get_currentuserinfo ()//This is a very common intrinsic function, in which the above filter is applied...Wp_get_current_user, is_user_logged_in, etc.//These functions all call the above functions

Analysis of the entire WordPress cookie parsing process is also clear, the problem is very good location, because 网站A 网站B of the $siteurl difference, resulting in a constant definition, resulting in a non-readable cookie, resulting in a cookie can not be shared across subdomains.

Above.

Transferred from: Http://www.tuicool.com/articles/bUbqem

Bill: WordPress Two-level domain name sharing user Cookie Error solution and WP Cookie mechanism