Community Support Forums

[jesseAe]

I'm coding a web app and using s2member to restrict access to the wordpress page that displays the app interface.

I would like to make the app usable offline, but obviously a user cannot login offline and so would not be able to access the restricted app page.

So my question:
Is there any way for s2member to support offline access to restricted content?

[Cristián Lávaque]

How would you suggest to achieve that?

[jesseAe]

Coming from a Support Rep, your question comes off as kind of snarky.

I don't know all there is to know about wordpress authentication. If I did I would not have purchased the s2member pro plugin. However...

On this page:
http://codex.wordpress.org/WordPress_Cookies

It says this:
"If WordPress recognizes that you have valid, non-expired cookies, you go directly to the WordPress Administration interface."

So I was thinking that maybe if the cookie expiration can be changed then maybe there would be a way to get offline admin access for a set period of time. If this is ridiculous I would prefer you simply tell me this is ridiculous and not dress your ridicule in the guise of a question. Otherwise, can you help me?

[Cristián Lávaque]

Oh, no, I honestly didn't know how it could be done, which is why I asked you in case you had any ideas.

I actually think that what you mention about the cookies may work, but I'm not an expert in this.

I'll email Jason, the Lead Developer, to see what he thinks.

[jesseAe]

Ah, very sorry I took your question the wrong way. I'm just touchy because I can't figure out whether it's possible or not myself. Thanks a lot for looking into this.

[Jason Caldwell]

Thanks for the heads up on this thread.

Yes, all of WordPress ( including s2Member ), works on cookie-based authentication. That is, a User logs into the site, and remains logged in until cookie authentication expires. So as long as your application can work offline, you shouldn't have a problem recognizing the User as being logged-in, because cookies are stored on the client-side browser. Just be sure they click the "Remember Me" box when they log in, so that cookies remain in existence, even after the browser session is finished.

Cookie authentication in WordPress is handled by this core framework function:
http://codex.wordpress.org/Function_Ref ... uth_cookie

For better security, you might consider a JavaScript version of this routine, or at least something that checks the overall validity of the authentication cookie set by WordPress. I'm not sure you'll ever get something that's "as secure" as a server-side validity check, but I'm sure you could come up with a workaround for an offline app that would suffice.

[jesseAe]

That's excellent. Thanks again Cristián for looking at this, and thanks for spelling it all out for me Jason. If I wind up writing that javascript authentication routine I will post a link here.

[Cristián Lávaque]

Cool, Jesse. Looking forward to that.