One of my gripes with WordPress is that it “provides” the ability to move the core files into an alternate location other than the root without devising a way to fully support it. The caveat is if you do this, the cookies used to manage your authentication on the site break because of the way WordPress stores sessions. This in and of itself is not entirely the problem, but rather when you go to find information about it, what you find says more or less: we provide the ability to do x, but if you use it you break y and z, oh well. People seem resigned to not being able to solve the problem, which is silly, because it can be solved. This is more so for people looking for an answer…

So as promised, my hack of a solution. Anyone that knows PHP can easily fix this problem.

In your wp-includes/ directory you’ll find a core file called pluggable-functions.php — and if you havent edited this file, on line 285 you’ll find the offending function definition wp_setcookie used to authenticate a user and save their session information into a cookie. Looks something like this:

if ( !function_exists('wp_setcookie') ) :
function wp_setcookie($username, $password, ..

The last few lines in this function definition contain the problem:

if ( $cookiepath != $sitecookiepath ) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
}

If the cookie path isn’t the same as the site’s cookie path you get no nookie. So there’s a couple of ways you can approach this: 1. You can hard core a switch statement in here for the various subdomains under which your user should have wp admin acces and add it as a control statement to the lines above. Or you can insert some hard code like this:

WAL-Cookie Hack

if($_SERVER['HTTP_HOST']=='mysubdomain.mydomain.com'){
setcookie(USER_COOKIE, $username, $expire, $cookiepath, "mydomain.com'");
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, "mydomain.com');
}

What this does basically is checks to see if the script is being run from a subdomain called mysubdomain, and if it is, it will set a cookie giving the user access as an admin, (or whatever level they are) on the root domain which in this case is mydomain.com. This same idea can be applied when you need to carry your session over the www subdomain (which isn’t really necessary, create an .htaccess file to redirect traffic from www.mydomain.com, to mydomain.com and you avoid the problem entirely)

Also you’ll need to update the clear wp_clearcookie() to remove the cookies you just added. Otherwise your logout will not work.

There’s probably a million things wrong with doing it this way, afterall it’s not good practice to hardcode in the way I’ve shown you above. The matter is however, it does the job — Of course if you’re a PHP monkey with more time on your hands, I’d love to see you Develop an Elegant Solution Using Pluggable Function Override!

In your theme’s directory a file called functions.php can override some of the default functions. See the link above for more details.
Good luck!