New to the community? Start here

Domain Mapping Cross Domain Login Issue

Hello. I’m hosting with WP Engine and having some issues with cross-domain logins. Regardless of using SSL or not, when logged in and using the original domain (subdomain) on the backend and a mapped domain on the frontend, the admin bar doesn’t always appear on the frontend due tot he login cookies not crossing over.

The issue is that this doesn’t always happen. It seems to work fine for a few weeks, then abruptly stop working. It’s inconsistent and hard to reproduce.

The way I’ve found to fix this issue consistently is to force users to login at the main network domain, then redirect them to their website dashboard upon successful login. I think I remember Donncha’s original plugin having this feature. Any chance it will be added to this plugin?

Fri, 27 Jun 2014 16:01:35
  • Gabe
    • The Bug Hunter

    In case anyone wants it, here’s the code I user to redirect users to their own dashboard upon successful login:

    //* Redirect user to own website on login */
    
function gm_login_redirect( $redirect_to, $request_redirect_to, $user ) {
    
if ( $user->ID != 0 ) {
    
$user_info = get_userdata( $user->ID );
    
if ( $user_info->primary_blog ) {
    
$primary_url = get_blogaddress_by_id( $user_info->primary_blog ) . 'wp-admin/';
    
if ( $primary_url ) {
    
wp_redirect( $primary_url );
    
die();
    
}
    
}
    
}
    
return $redirect_to;
    
}
    
if ( wp_get_referer() == 'https://domain.com/wp-login.php' ) {
    
add_filter( 'login_redirect', 'gm_login_redirect', 100, 3 );
    
}

    Swap out “domain.com” with your domain or just pull the network url.

  • Gabe
    • The Bug Hunter

    Ash, why wouldn’t this be considered a bug? It doesn’t seem to be working as intended, especially with the recent SSO fixes.

    The option to force login through the main site would be a fix for those who need it. Can you at least ping the developer on this to get his opinion? Thanks.

  • wp.network
    • The Bug Hunter

    Hey, wanted to mention that @Gabe’s description of their issue sounds like a ghostly recurring issue that I’ve been experiencing too.

    Thanks for sharing your solution @Gabe, I’ve been looking at having such a process so as to offer a single HTTPS address for login (that can also rep. the platform), and then redirect to the user’s non-HTTPS subdomain site or mapped address.

    It looks to me like the code you provided might work like this, but I read code about as well as I read Latin (which is barely).

    I’ve also wondered if the login experience at the primary could be customized based on the subsite the user has come from? This seems esp. key for my customers who have their own customers. Savvy? Any thoughts?

    Regards & Aloha,

    Max

  • Gabe
    • The Bug Hunter

    Hey @Max

    The code snippet will work as long as it’s active on your main network site, so you could either 1) put it in it’s own plugin and activate it on the site or 2) drop it in the functions.php for the theme you’re using on the main site (as long as that’s the only site using that theme). Just swap out “domain.com” with your domain.

    You could do it based on where the user came from, but that’d take some custom coding. Right now it just redirects to the primary site the user is a member of.

    Hope this helps.

  • wp.network
    • The Bug Hunter

    Thanks @Gabe

    You kinda rock! Thanks for the tips. I had, in large part, mentioned the customization bit to be seen by @Sam if they do review this thread. You never know though, I thought perhaps you had thought along such lines already.

    Very Helpful. Thank you.

  • Sam
    • The Incredible Code Injector

    Hi @Gabe and @Max

    Nice code.

    Actually i’d prefer regarding this as a bug. I’ll be fixing it.

    Talking about feature, i get you find having the ability to redirect user to different places based on your setting is what you desire?

  • Gabe
    • The Bug Hunter

    @Sam Thanks for replying!

    There were a few issues mentioned in this thread, so do you mean you’re fixing the 1) login redirect issue, 2) the issue with cookies not always crossing over when using SSL, or 3) the lack of option to set remote login (force login at primary network site) like the original plugin had?

    In reference to redirection, I prefer to redirect the user back to their own site (most common situation on multisite networks), but I believe @Max was asking about redirecting users to the site they came from (I assume you’d use wp_get_referer if this option were selected).

  • Sam
    • The Incredible Code Injector

    @Gabe

    I’m taking a look at item 2, initially you said it’s happening regardless of SSL, i’m confused with your last comment’s item #2, does that happen just under SSL?

    A question, is the bug happing for you now? Will a page refresh give you the admin bar?

  • Gabe
    • The Bug Hunter

    @Sam sorry about the confusion, I was a bit confused myself because it doesn’t happen consistently.

    Now I exclusively use SSL on the backend, so I only test with SSL. No, a page refresh won’t give me the admin bar. I fix it by forcing login through the primary network site.

  • wp.network
    • The Bug Hunter

    Hey @Gabe and @Sam,

    Sorry for the confusion from my end.

    In reference to redirection, I prefer to redirect the user back to their own site (most common situation on multisite networks), but I believe @Max was asking about redirecting users to the site they came from (I assume you’d use wp_get_referer if this option were selected).

    I was actually wondering about redirecting users to, as @Gabe says, their own site.

    I just assumed that their own subsite is the most likely place they would have tried to login from…

    Its seeming to me that this might be a better (easier) way to provide network-wide HTTPS login (then redirecting back to user’s HTTP site) rather than trying to force all logins to happen at HTTPS ‘original’ subdomain addresses.

    Basically, a secured login process is what I’m after (ability to do just HTTPS login vs. HTTPS for all admin). The ability to have some granular control of the setup would be even better. I’m not sure the best way to go about this, but it seems to me that @Gabe has some good ideas here.

    Cheers,

    Max

  • Sam
    • The Incredible Code Injector

    Hi Guys,

    Sorry for this delay in replying but rest assured I was dealing with the bugs and features in the meantime.

    1) I can confirm the reported bug and am working to resolve it

    2) Along with the bug fix you’ll have the ability to force SSL in login/admin and force normal http in frontend pages, you’ll find these in the domain mapping settings page

    3) In case you have chosen to force the user to original domain in login page ( currently an option in the settings page of the plugin) and with “Force SSL” option, you’ll be able to have the users login securely and be redirected to their websites ( they may be forced to http per your setting )

    Any suggestion is welcomed

  • wp.network
    • The Bug Hunter

    Awesomeness Indeed!

    @Sam your effort on this is hugely appreciated!

    Domain Mapping is the cornerstone of so much WPMUDev awesomeness; having the essential bug fixes and seo & security related options you’ve described released and working will be huge!

    There are so many older threads that seem to touch on these ‘cross-domain’ issues that seem to end with a ‘solution’ of allowing whatever address the user enters…

    this thread for instance which seems unresolved to me as the original poster wanted to use the ‘original’ settings for Login and Admin… the op’s last reply was to reference this more recent (and extensive) thread involving the Domain Mapping Developers which attracted alot of user’s input.

    That last thread of was also referenced in this very recent (and excellent) thread which @Gabe was involved in and which seems to be very applicable to some of my uses for Domain Mapping.

    I wanted to collect some of the more recent and prominent threads that seem to me to be closely related to this issue for everyone’s ease of reference.

    Your three points seem to address the use cases that I most need, offering a really flexible array of flavors.

    Thank You :slight_smile:

    Kind Regards,

    Max

  • wp.network
    • The Bug Hunter

    Hey @Gabe,

    I just wanted to share this link that @Tyler Postle posted a few days ago in another thread… I am not really conversant in code by any means, and so can’t really judge how much bearing this may have. It seemed interesting though, and worth mentioning to folks who know more than myself.

    Here is a good read on using SSL on one subsite of a multisite: http://halfelf.org/2014/ssl-for-one-domain-on-multisite/

    I remain hopeful. :wink:

    Regards,

    Max

  • wp.network
    • The Bug Hunter

    Cheers @Gabe I’m totally on the edge of my seat :wink:

    I’ve been looking for hosts that will provide managed or semi-managed SNI support. So far one of the identified contenders is MediaTemple; do you have any other suggestions?

    https://kb.mediatemple.net/questions/1918/Hosting+multiple+SSL+certificates+on+a+single+IP+address+with+SNI#gs

    Also, I thought this had contextual relevance to the thread:

    https://www.eff.org/deeplinks/2014/08/google-boosts-secure-sites-search-results

    HTTPS is certainly increasingly important, and the rate of increase seems only to be accelerating.

    Aloha,

    Max