Share session between my site and wordpress blog - wordpress

I would like to know how to share a session between my website non-wordpress and my wordpress blog on the same domain www.mysite.com, so that when a user is logged in to my site he's also logged in to the blog
I installed wordpress as subdirectory on my site, url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog
On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added
$no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog
as a matter of fact my site and wordpress blog are on the same domain. I installed wordpress as subdirectory on my site url for my site is www.mysite.com and I access wordpress like this www.mysite.com/wordpressBlog On my user_login.php in my main site I activated
session_start();
to activate cookies and on my wordpress wp_unregister_GLOBALS() I added $no_unset = array( '_SESSION', ...
But nothing happen, when I login to my main site I still have to login to the blog

In order to be able to share a session cookie between both sites, they will have to run under the same domain name (e.g. mysite.com). The following would be a valid configuration if the session cookie has a scope of mysite.com
www.mysite.com
blog.mysite.com
PS. I don't recommend using Cross Scripting hacks to get around this domain scoping issue. It's limited to a domain for security reasons.
[Edit]
I should also point out that it is entirely valid to have your two sub-domains (sites) hosted on different servers
[Edit]
It is difficult to provide a succinct answer to your question because you are using a non-WP site. My best suggestion for you is to post on the WordPress StackExchange where you may get someone who has done this configuration before.
I believe your issues are centred around the scope of your Cookie from WP. Editing your wp-config.php and setting the COOKIE_DOMAIN to use "" may help with your issue as referred to by this WordPress StackExchange post.
Some posts speak of removing this settign entirely. In any case you need a way to debug your HTTP sessions to see what cookies are being sent using which scope, that is why I recommended FireBug. In any case you're still going to have to re-code your non-WP site to recognise the WP cookies so understanding what's going on is important.
I did come across this other post regarding Multisite Domain Mapping that may help with your knowledge, but this is involved WP sites only so not exactly what you need.

Related

WordPress site works while logged in to the site backend, breaks when not logged in

Our site was working properly for a month or so and all of a sudden it won't work unless you are logged into the site backend [/wp-admin]. You can see the issue here - https://hema-filler.com/.
While not logged in, it strips off the domain name from the CSS/Image/JavaScript requests and you can see that in the screenshot -
I'm only administering this site and not the developer. If you came across this kind of an issue before or if you know why this is happening, please post back.
This site is in Azure/Linux, on the latest WordPress version.
As far as I can see from the errors, your domain name is missing from the URL of the requests to the static content, which is why it is not loading properly. Please check your siteurl and homeurl inside your wp_options table in your database. If the issue still persists, then I would recommend checking with your hosting provider's support team. If they lack support, then I would recommend switching to managed WordPress hosting.

My wordpress website site URL is being changed again and again

Someone is changing my wordpress site URL to their ad spam URL. I changed it from php my admin and it was fixed, the hacker inserted a java script to every wordpress post and pages to redirect all posts and pages to their ad page, I deleted all of them. Then I installed wordfence security plugin, scanned the entire website, found some malicious codes and deleted everything. Then I changed my cpanel and wordpress password. I am using my own VPS so I also changed my root password, but still just after 12-24 hours, I can see that the wordpress site URL has been changed. I fix it and again it becomes changed.
I have mentioned what I have done, what else I can do to prevent this? Please any suggestion will be appreciated...
Your website has most probably been exploited, and the exploit is still active, as a backdoor for that Hacker..
I would check the access logs for your web requests, and especially POST requests!
which might show where is the hacker logging in via.. some Theme or Plugin that was exploited most probably.
If your web host does daily backups, it might even be worth reverting back to previous days to remove any changes... -- remember if you revert back any posts/changes from that day onwards will disappear.

WP-admin does not redirect to login page

If I browse to my wordpress wp-admin directory, I recall that I used to get redirected to the login page if I was not already logged in. Now I get the standard wordpress page not found error. I'm not aware of changing any configuration that would alter this behavior. Are there things that could have been done to stop the auto redirection from occurring? Or something I need to re-enable or reverse to get that behaviour back?
Yes, generally it is a practice used for security reasons, because you see if I know that you are using Wordpress then I can easily guess all your URLs, login URL, Admin URL, Register URL, etc...
There are some plugins that would do that for you, IThemes is an example.
Themes Security hides common WordPress security vulnerabilities,
preventing attackers from learning too much about your site and away
from sensitive areas like your site’s login, admin, etc.
Changes the URLs for WordPress dashboard areas including login, admin
and more
So the short answer is, yes you can configure it one way or another.
To Undo it, configure it again

WordPress hijacked - all subdomains effected

Just have a question :)
I have a WordPress site with domainname "site.com". It is on its own server.
On another server I have an admin site located on the subdomain "admin.site.com", and a booking site on "booking.site.com" - they are not i WordPress.
Now my WordPress site gets hijacked, and all browser shows a warning, and I'm removed from Google. But it is not only site.com which is closed, but all my subdomains. Why? And is there a way to separate, so the subdomains not will be close if my WordPress site gets hijacked again?
By close, do you mean removed from Google or non-functional in general?
Google doesn't have a lot of forgiveness when it comes to site issues, so afaik it will block the subdomains if the main domain gets compromised.
If your other sites aren't functional, you might want to check your site.com's htaccess file.

Wordpress clone on Dreamhost

So I created a new subdomain on Dreamhost. One-click installed Wordpress. Fresh Copied the olddomain.com to newdomain.com exported all the tables with the drop attribute to the new wordpress database via phpmyadmin. Then followed this post to update the urls.
The site doesn't load, giving me this error message:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
I would make sure to check the 'www' rules in Fully Hosted (from the web panel: Manage Domains > Web Hosting > Edit), compared with your site URL settings in the WordPress dashboard. Make sure those aren't conflicting first.
If you need further assistance, just let me know the domain name and I can take a look. Please also feel free to start a LiveChat from the panel or submit a ticket; our support team is here to help 24/7!
Thanks!
Ellice S
DreamHost Staff
I finally ended up creating an empty site and then using the WP Duplicator plugin. Worked like a charm!

Resources