Continuing the discussion from How to get current user?:
To be more clear - I’m trying to catch user’s session for my server-side script, placed on
example.com when Discourse placed on
forum.example.com. So CORS is the only right way to do this.
So we have https://meta.discourse.org/session/current.json end-point. I was playing with it couple days and I found it useful only for outputing user’s info on page, not for checking user’s session to pass it forward on server script, because it’s unsafe to do as I wrote here.
@eviltrout, can you please add user’s session id to this end-point? Or create another one just with session id? If I understand correctly, if I had user’s session id on my server-side script + acces to Discourse db (that I already have, thanks to Sam) then I can get user’s id and check he’s rights safely.