*edit* I didn’t realize that your users weren’t already registered on both sites. In that case, you may want to add a hook into your webapp that automagically registers users with both webapp and wp site on registration. OR, using one of the methods below, you can have wordpress create the user on the fly, and just send the user_id back to your webapp, and your webapp could store the wordpress user id for future use. Just a thought…*
Aren’t cookies locked down to a specific domain? I’m not sure if an htaccess is going to do the trick from one domain to the other. You might look at authenticating the user on both the webapp and the wordpress site at the same time, that’s how I’d handle it.
Do you have the ability to hack some of your “webapp’s” code to perhaps make an http post request to your wordpress site during the user login process?
If so, then you could just write a function that receives data only from your webapp’s domain, containing some sort of encrypted key that only your webapp would know as well as the email and or user id of the person you want to log in, and just run a “set_user” function call on the wordpress side.
Not sure that this is a very secure method though, as the call would have to be made through an iframe.
Alternatively, I think you could also try making a call from your webapp site to your wordpress site that sets a transient containing a nonce and a user_id after a person logs in on the webapp side. Then, you just add a filter to your webapp that appends the nonce as a GET parameter to all of your links to your wordpress site. When the user clicksthrough from your webapp, wordpress looks up the transient and then runs set user.
Maybe one of those two approaches will help you out?
Great question though!
