I'm trying to build a simple way to give access to users that I want under my account. As I see, WordPress stores two sessions ID: wordpress_logged_in_% and wordpress_. I was wondering, is there no way to force wp_signon or a core function to bypass the need for an user / password and use a cookie instead?
Topic single-sign-on Wordpress
Category Web
Don't need no cookies. WordPress automatically bypasses it for you if you pass an user (the one you need to login) object, fire this function on init (I think):
$user_to_login = get_user_by( 'id', 1 );
// Check if user exists
if( $user_to_login ) {
wp_set_auth_cookie( $user_to_login->ID, False );
/**
* Fire up the login process.
*/
do_action('wp_login', $user_to_login->name, $user_to_login );
}
This is extremely rudimentary. No checks at all, nada. You must employ heavy checks as to how people use this functionality.
You'll have to solve issues such as: caching issues (usually by setting the right header, redirection, validity, etc.) but this works.
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.