Setting Up Common Login-Logout in Domain-Mapped Multisite

Since version 3.0, the WordPress multisite network allows users to create a network of sites within a single WordPress installation. The multisite network can generally be formed in two different ways; one, creating sub-domains, two, creating sub-directories.

Sub-domains let the administrator create a domain-based network, in which on-demand sites use sub-domains. For instance, if the URL of the main site is sample.test, then the URLs of the sub-sites will be site1.sample.test, site2.sample.test, etc. On the other hand, if the sub-directory method is used to create multisites, a path-based network is created, where subsites appear like sub-directories. For instance, for the same main URL (sample.test), the sub-site URLs would be sample.test/site1, sample.test/site2, etc.

Here we focus on the domain-mapped network and the issue of creating a common login-logout system for the same. But first, let us understand what is WordPress domain mapping.

WordPress Multisite Domain Mapping

The subsites in WordPress multisite network can be mapped to different domain, which is not a part of the domain of current network. This means a site created as site1.sample.test or sample.test/site1, can be mapped to show as example.test. This is beneficial for achieving two different domains in single installation.

If a user has to maintain two sites of different domains, say sample.test and example.test, what approach he normally follows is to make two WordPress installations and set up the sites. However, not only does this increase the setup time but as there are two distinct installations, the user needs to handle the sites individually. This necessitates separate plugin installations for both sites. Also, if the user needs a common login and logout system for the sites, it is not available by default.

Subsites in the WordPress multisite network provide common login and logout for all sites. This means a user needs to log in to any one of the multisites and he/she gets logged in to all sites. Same is the case for logout. This important feature is missed if the user follows a conventional approach.

The best solution to utilize the features of multisite along while using different domains for the website is domain mapping.

The approach to be followed is to create a multisite network of sub-domains or sub-directories at sample.test, add a subsite, either site1.sample.test, or sample.test/site1, and map it to the domain example.test. Thus, all the Dashboard features of example.test can be handled from the dashboard of site1.sample.test.

Domain mapping can be done with ease using plugins such as WordPress MU Domain Mapping, which allows mapping of sub-domains as well as sub-directories.

Setting Up a Common Login/Logout Feature

In cases of domain mapping, provided that the mapped domain has DNS entries in the server, the mapped domain follows the login with the main site’s login.

However, many times it is observed that the subsites follow common login when logged in from any of the sites, but common logout is not followed. When a user logs out from any non-mapped subsite, he/she is logged out from all sites except the domain-mapped site. However, logging out from mapped site works and logs the user out of all sites.

Why does this happen?

In a multisite network, all the subsites share common wp_users and wp_usermeta table. When a user logs in to any of the sites in the multisite network, a meta field called ‘session_tokens’ is set with the user entry in wp_usermeta table. This session_tokens consists of login time, login expiration, random password and user agent information.

The login time is the time when the user logged in, in the timestamp format. The expiration time is set at 48 hours from login time. This session_tokens is present as long as the user is logged in to the website. When the user logs out from the site, the session_tokens is deleted.

In case of domain mapped sites, the session_token doesn’t get deleted when user logs out from a site. Thus, the user doesn’t get logged out. The token is deleted only when a user logs out from the domain mapped site and the user gets successfully logged out from all sites.

An Elegant Solution

In order to achieve simultaneous logout from all sites, following approach can be used:

On logout of a user, delete session_tokens meta field associated with the user ID. This can be performed on wp_logout action hook.

<?php
add_action('wp_logout', 'logoutUser', 10);

function logoutUser()
{
   delete_user_meta(get_current_user_id(), 'session_tokens');
}

As the second way is applicable for multiple domain mapping and doesn’t contain any physical redirects, it can be preferred to the first one, to obtain common logout from all sites.

Endnote

This is how a common login-logout system can be set up in a domain-mapped WordPress multisite installation. What do you think of this solution? Feel free to ask any questions you might have while implementing it!

Any other ways you have used to overcome a similar problem for WordPress Multisites? Let us know in the comments section below!