I’m trying to share a WordPress login between a typical WordPress installation and a secondary (custom/PHP) site that will be on a subdomain of the WordPress site.
A user should be able to register on either site to create a user in the WP database. The plugin "WP Webhooks" made that simple enough using curl in PHP.
A user should also be able to login to either site and have their session carry through to the other so they don’t have to log in again. Through the secondary site I can query the WP database for a login and use the functions from class-phpass.php to veryify the password, but that in itself doesn’t set the hashed session cookies and whatnot that I need to go back and forth between the two sites.
I’ve looked at plenty of things over the last couple of days, but not with much luck – I’ve tried a handful of curl scripts and some of them work, but they don’t seem to set any login cookies, I can see one page then the session is gone after moving on.
I’ve seen some recommendations that I emulate the login cookies, but I’m still at a loss as to how they’d be generated after looking as various documentation and looking at wordpress files. (i.e. if the cookie name is wordpress_logged_in_63648015d2894d2b5f23f2c4634cf382 what was used to make that hash – and same thing for the value.)
I’ve seen a variety of SSO plugins that have either confused me or aren’t exactly what I’m looking for – I’m not trying to let people log in with different credentials, I’m just trying to use the same credentials on both sites to log in (one on a sub domain) and keep a logged in status so the user can go back and forth.
Any suggestions/examples/references much appreciated – I might even be close if I had a better understanding of how to reproduce the session cookies assuming I have the users information already.
Thanks for any pointers!