Switched Dark Matter Plugin SSO from an automatic to manual.
A new option has been added to the Admin UI, "Log in to Site", which will use a two-step process to sign-in a person into the primary domain of a site.
Better integrated with WordPress Core's own Session Token API, ensuring better and more reliable signing out of admin domain and primary domain.
Moved SSO to the new PSR-4 autoloader approach in version 3.0.0.
Removed the original third-party cookie SSO as it was no longer guaranteed to work due to browser privacy focused updates.
New Token API which is used for storing information and cross referencing between multiple requests.
Automatic initiation
Essentially the idea of replacing the third party cookie with localStorage has been abandoned, due to a multitude of reasons. Chief among them: Firefox's State Partitioning.
There are solutions and ways to work around this, but it leads to a number of problems:
The combination of header settings for both the primary domain (which visitors use) and admin domain can potentially interfere with settings needed by people using Dark Matter Plugin.
Point 1 could also lead to unintended complications for the security of WordPress admin and for visitors.
It partly involves advocating or promoting techniques that is not in the best interests of people in regards to privacy, which is the motivating factor involved in Mozilla's and WebKit's introduced of these features which prevents LocalStorage working.
Doesn't work on enough browsers.
Taken altogether, there are too many assumptions and blockers that pursuing the "automatic" approach is not in the best interests of people using this plugin nor supportable with the current privacy focused initiatives and safe-guarding security for site owners.
Third-party cookie / Original approach
Suffers from as many, if not more, issues as localStorage. As such, it has been removed.
... still a work in progress ...
New Token API which is used for storing information and cross referencing between multiple requests.
Automatic initiation
Essentially the idea of replacing the third party cookie with
localStoragehas been abandoned, due to a multitude of reasons. Chief among them: Firefox's State Partitioning.There are solutions and ways to work around this, but it leads to a number of problems:
Taken altogether, there are too many assumptions and blockers that pursuing the "automatic" approach is not in the best interests of people using this plugin nor supportable with the current privacy focused initiatives and safe-guarding security for site owners.
Third-party cookie / Original approach
Suffers from as many, if not more, issues as
localStorage. As such, it has been removed.