I have a WordPress multisite which uses two different domains e.g:
- www.test.com – primary site
- www.example.com
In order to get the login to work on the non primary site I have had to add the following line in my wp-config.php file
define('COOKIE_DOMAIN',false);
This allows any of the WordPress Domains to set the Cookie and in turn allows a user to login on the secondary site. My question is what are the security implications to effectively wildcarding the Cookie domain?
