Bit of a convoluted use case but basically:
I am working on an app which uses the userbase (i.e. user IDs) from a WordPress site for its own users. The app is hosted at a separate domain on a separate machine. I have a custom page on the wp site which solely contains a script which takes the user id from get_current_user_id() and generates a session id from it which we can then reverse in the app to identify the user. The app simply does an ajax request to this page to get the returned session id and store it as a cookie.
This had all been working fine when I was working on my local test environment where the app and wp site were hosted by the same machine. I am now trying to install this on the production machine. After getting over the CORS errors I had gotten initially from moving them to separate machines, I am now getting a proper response back from the wp site but I am getting the "not logged in" response. If I put the wp page's url directly into the browser, I am shown the session id I expect, just not when ajaxing from the app.
I assume there is something going wrong with the cookies. My best guess is that ajax requests (or at least jQuery's $.ajax which I'm using) don't include cookies when making cross-domain requests? This sort of makes sense from a security standpoint I guess but I really need some way to get around this.
Is there some way to force the ajax request to include the cookies for the domain it is trying to reach? Is that not the cause of my problem? Is there some other better way that I could handle getting a session id from a separate domain like this?
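
Added example, not part of the original post: a model of the credentialed cross-origin request the question describes, showing the jQuery setting that sends cookies, the CORS headers the WordPress page must return, and the browser checks that decide whether the response is readable. The origins, URL and function names are constructed placeholders, and the cookie rule is a simplification.

```javascript
// Added example. All origins and URLs are constructed placeholders.
const APP_ORIGIN = "https://app.example";
const WP_PAGE = "https://wp.example/session-id/";

// Client side: jQuery $.ajax settings that make the browser attach the
// WordPress domain's cookies to a cross-origin request.
function credentialedAjaxSettings(url) {
  return { url: url, method: "GET", xhrFields: { withCredentials: true } };
}

// Server side: CORS headers the WordPress page would need to return.
// Only allowlisted origins are echoed; reflecting any Origin together with
// credentials would let any site read a logged-in user's session id.
function corsHeadersFor(origin, allowlist) {
  if (!allowlist.includes(origin)) return {};
  return {
    "access-control-allow-origin": origin,
    "access-control-allow-credentials": "true",
    "vary": "Origin",
  };
}

// Browser side: null if the response is exposed to the calling script,
// otherwise the reason it is blocked. Header keys are lowercase.
function corsBlockReason(origin, withCredentials, headers) {
  const allowed = headers["access-control-allow-origin"];
  if (allowed === undefined) return "no Access-Control-Allow-Origin";
  if (allowed === "*") {
    return withCredentials ? "wildcard origin with credentials" : null;
  }
  if (allowed !== origin) return "origin mismatch";
  if (withCredentials && headers["access-control-allow-credentials"] !== "true") {
    return "no Access-Control-Allow-Credentials: true";
  }
  return null;
}

// Simplified cookie rule for a cross-site XHR: sent only with
// withCredentials and a SameSite=None; Secure cookie. Browsers that block
// third-party cookies may still withhold it.
function cookieAttached(withCredentials, cookie) {
  return withCredentials && cookie.sameSite === "None" && cookie.secure === true;
}
```

Without `withCredentials` the request arrives with no cookies, which matches the "not logged in" response even though CORS itself succeeds.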