Here’s my situation. I am trying to run a Discourse install at
talk.example.com while maintaining a website at
www.example.com. I want it so that when someone logins to the Discourse site, they also appear logged in at the
www site. If they log out of the Discourse site, they are logged out of
www. I did a lot of reading through topics here and the common answer appears to be to use SSO. I don’t think that can work in my situation and here’s why.
The site at
www.example.com is a static website built with Hugo. For those who don’t know it, think of Jekyll. So there’s no database or any backend whatsoever for it. It’s not an “app”. I basically want Discourse to be a pseudo backend for this static site. If they have unread notifications on Discourse, I want to be able to show that to them via the static site.
The only way I can think to do this is via Discourse cookies that don’t include the subdomain for which my research so far says Discourse doesn’t support.
This is an interesting challenge.
If the site was dynamic with a backend, and you had SSO between Discourse and site this would have a clear path forward. Your backend know who the user is, and can use an Admin API Key to query Discourse notifications for the current user and send it forward with the page on every request.
Since site is a static page, it doesn’t really have a logged-in state right?
I think having a new one for notifications is a great idea!
Notifications is one example and an embed for that would be great.
I know it’ll be an unsupported hack, but is there a way I can change how Discourse sets its session cookie to not include the subdomain, that will survive updates?