The MU forums have moved to

Dueling WordPress MU cookies on a single domain (1 post)

  1. LafayetteNuke
    Posted 14 years ago #

    I have two WordPress MU installations, one subdomain-based, one directory-based, both located within the same domain.

    * The subdomain installation is at * and hosts subdomained web sites, such as

    * The directory installation is at and hosts sites such as

    For the most part, this works but there is one problem -- because the subdomain cookie is set for *, it can trump the directory-based installation's cookie IF you log into the subdomain first.

    If I'm understanding things correctly, the directory-based WordPress is seeing the * cookie, trying to use it, and failing. You can auth to, but it does no good because it still tries to use the wildcard cookie.

    This only happens if you log into the domain site first because otherwise, the cookie shows up first in the cookie list, and it uses that instead.

    So what's the best way to work around this?

    I can use something like this to specify cookies on a per-subdomain basis:

    define('COOKIE_DOMAIN', '.' . $_SERVER['HTTP_HOST']);

    That solves my immediate problem -- since the cookie is now set on a per-subdomain basis, I don't have any more cookie wars between the subdomain-based network and the directory-based network.

    However, this approach negates one of the advantages of WordPress MU, in that if you're logged into one of the sites in a network, you're effectively logged into all of the sites you have access to. Setting cookies on a per-subdomain basis forces the user to login to each site they belong to.

    Ideally, I'd like to set an administrative cookie for the subdomain network that isn't tied to * (e.g. and have all of the subdomain network sites use that, but I've been wracking my brain on how to do that and coming up short.

    Simply specifying the cookie domain like this:

    define('COOKIE_DOMAIN', '');

    doesn't work because it will only work for the "admin" site specified. I'm assuming this has to do with the way the cookie specification is defined, because setting means the subdomain sites are actually looking for * If I had something like *, this wouldn't be a problem.

    Any ideas?

About this Topic

  • Started 14 years ago by LafayetteNuke