Shared Discourse/Static Site Login

Hey Everyone,

Here’s my situation. I am trying to run a Discourse install at while maintaining a website at I want it so that when someone logins to the Discourse site, they also appear logged in at the www site. If they log out of the Discourse site, they are logged out of www. I did a lot of reading through topics here and the common answer appears to be to use SSO. I don’t think that can work in my situation and here’s why.

The site at is a static website built with Hugo. For those who don’t know it, think of Jekyll. So there’s no database or any backend whatsoever for it. It’s not an “app”. I basically want Discourse to be a pseudo backend for this static site. If they have unread notifications on Discourse, I want to be able to show that to them via the static site.

The only way I can think to do this is via Discourse cookies that don’t include the subdomain for which my research so far says Discourse doesn’t support.

Any ideas?


This is an interesting challenge.

If the site was dynamic with a backend, and you had SSO between Discourse and site this would have a clear path forward. Your backend know who the user is, and can use an Admin API Key to query Discourse notifications for the current user and send it forward with the page on every request.

Since site is a static page, it doesn’t really have a logged-in state right?

We have the option to Embedding a list of Discourse Topics in another site and Embedding Discourse Comments via Javascript both which works with static sites.

I think having a new one for notifications is a great idea!

1 Like

Exactly. It’s just HTML, CSS, and typical front-end JavaScript.

In an ideal scenario I’d like to be able to use JavaScript on the static site, that runs in the browser, to be able to pull data from Discourse.

Notifications is one example and an embed for that would be great.

Another example, I’d love to be able to set a User Field over on Discourse for people to fill out. Then over on the static site, be able to access that user field to change how content is rendered (via JavaScript). For example, to re-order content to customize it for the user.

I know it’ll be an unsupported hack, but is there a way I can change how Discourse sets its session cookie to not include the subdomain, that will survive updates?