My reason for attempting this is so that I can force SSL for Admin/Login using a wildcard SSL on the original sub-domain address... (i.e. example.network.com) and then have the front-end served from standard HTTP on the mapped domain (i.e. example.com).
Now that I understand a bit more about how this works, would I essentially be removing any security I added using the SSL on the original domain by authenticating them on the non-SSL mapped domain as well?
Their login would have happened over SSL, but this process will set the auth cookies on the non-SSL domain as well which means those cookies would be getting sent to the server unsecured. This would prevent someone from grabbing the username and password, but not necessarily the keys in the cookies.
I think I can reverse engineer the remote login to work the other direction, meaning that the initial login happens at the original domain and then remote login makes the authentication happen on the mapped domain, but am just curious if I am going to be defeating the purpose of using SSL in the first place.
My initial thoughts are that it is no different than a typical WordPress site when they only enforce SSL on the admin side. They are still logged in on the front-end, just over HTTP. So maybe it isn't a big issue.
I am not 100% familiar with the exact way WordPress uses the cookies to maintain authentication so I am hoping to get some insight from others with more experience.
Thank you in advance for your help.
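
The exposure asked about above, as an added example that is not part of the original post: a small model of browser cookie scoping (Secure flag, host, path) that lists which cookies get attached to a plain-HTTP request. The `Set-Cookie` headers are constructed; the names use WordPress's cookie prefixes with a placeholder hash, and the flags shown are assumptions about this setup, not captured output.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    domain: str
    host_only: bool  # True when no Domain attribute was sent
    path: str
    secure: bool

def parse_set_cookie(header, origin_host):
    """Parse one Set-Cookie header value received from origin_host."""
    first, *attrs = [p.strip() for p in header.split(";")]
    c = Cookie(first.partition("=")[0], origin_host.lower(), True, "/", False)
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            c.secure = True
        elif key == "path" and val.startswith("/"):
            c.path = val
        elif key == "domain" and val:
            c.domain, c.host_only = val.lstrip(".").lower(), False
    return c

def path_matches(cookie_path, request_path):
    """RFC 6265 path-match: equal, or a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def sent_in_cleartext(cookies, host, path):
    """Names of cookies a browser attaches to http://<host><path>."""
    host = host.lower()
    return [c.name for c in cookies
            if (host == c.domain or (not c.host_only and host.endswith("." + c.domain)))
            and path_matches(c.path, path) and not c.secure]

# Constructed sample: (responding host, Set-Cookie value). H is a placeholder hash.
H = "0123abcd"
ORIGINAL, MAPPED = "example.network.com", "example.com"
RESPONSES = [
    (ORIGINAL, f"wordpress_sec_{H}=constructed; Path=/wp-admin; Secure; HttpOnly"),
    (ORIGINAL, f"wordpress_logged_in_{H}=constructed; Path=/; HttpOnly"),
    (MAPPED, f"wordpress_{H}=constructed; Path=/wp-admin; HttpOnly"),
    (MAPPED, f"wordpress_logged_in_{H}=constructed; Path=/; HttpOnly"),
]
JAR = [parse_set_cookie(header, origin) for origin, header in RESPONSES]
```

Every name `sent_in_cleartext` returns is a cookie that crosses the network unencrypted on that request; only cookies carrying `Secure` are withheld from HTTP.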