How can I maintain user state across subdomains?

Our main marketing site is hosted under www.domain.com (WordPress) and our web app is under app.domain.com (Angular). We are using Auth0 for authentication in the web app.

When authenticated users visit the main site (www.domain.com), we would like to be able to detect them as authenticated, so that we can retrieve their Auth0 profile information for the purposes of personalizing the UI (e.g. reflecting their logged-in status in the navigation) and identifying them in analytics (e.g. Google Analytics tracking calls).

Are there any guides or suggestions on the approach to get this working? Any guidance is really appreciated, since I don’t know where to begin.

1 Like

It depends on a lot of details, but based on the information you provided, and with a few constraints, you could consider setting WordPress to use Auth0 for authentication and then configure it for automatic login.

This would give you the following flow:

  1. The user authenticates in your web application in a way that starts an authenticated session at Auth0.
  2. The user accesses the marketing site, which detects the existing session at Auth0 and automatically logs the user in to WordPress.

The above assumes the following:

  • Your SPA application needs to authenticate users in a way that creates a session at Auth0; the recommended approach that would satisfy this requirement would be for the SPA to make use of the hosted login page.
  • You can configure your WordPress to use the Auth0 authentication plugin and enable SSO and auto login.
  • The users for which you want this behavior all authenticate with the same mechanism (aka connection). This part is a requirement because in order to enable auto login in the WordPress authentication plugin you’ll need to specify a connection; hence the restriction.

For reference information on the above, check:
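
The session detection in step 2 of the flow above can be pictured as an OpenID Connect silent authentication request (`prompt=none`) followed by a check of the redirect that comes back. The sketch below is an added example, not part of the original answer and not the Auth0 WordPress plugin's code; the tenant URL, client ID, callback path and function names are placeholders chosen for illustration.

```javascript
// Placeholders (assumptions, not values from the page).
const TENANT = 'https://tenant.example';
const CLIENT_ID = 'YOUR_CLIENT_ID';
const CALLBACK = 'https://www.domain.com/callback';

// Unguessable per-request value that binds the callback to this browser.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// prompt=none asks the authorization server to answer from its existing
// session only; it must never display a login page for this request.
function buildSilentAuthUrl(state) {
  const url = new URL('/authorize', TENANT);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: CALLBACK,
    scope: 'openid profile',
    prompt: 'none',
    state,
  }).toString();
  return url.toString();
}

// Classify the redirect to the callback. The state comparison comes first,
// so a callback the site did not initiate is never treated as a login.
function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (!expectedState || params.get('state') !== expectedState) {
    return { status: 'rejected', reason: 'state mismatch' };
  }
  const error = params.get('error');
  const noSession = ['login_required', 'consent_required', 'interaction_required'];
  if (noSession.includes(error)) return { status: 'anonymous', reason: error };
  if (error) return { status: 'rejected', reason: error };
  const code = params.get('code');
  if (!code) return { status: 'rejected', reason: 'missing code' };
  return { status: 'authenticated', code }; // exchange the code server-side
}

// Constructed sample callbacks: no session, valid session, forged state.
const samples = ['error=login_required&state=s1', 'code=abc123&state=s1', 'code=abc123&state=zz'];
for (const q of samples) console.log(q, '->', handleCallback(`${CALLBACK}?${q}`, 's1').status);
```

An `anonymous` result means the visitor simply has no session at the identity provider and the marketing page should render its logged-out state; profile data for personalization or analytics should only be read after the code has been exchanged and the resulting ID token validated.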