@Samson-Liu to expand on @PitaJ's reply:
The recommended method of sharing sessions between two separate and distinct applications is through OAuth2. We recommend this approach because NodeBB maintains its own user records, so that we can keep track of user-related metrics and other data. Relying on another database would be tricky, prone to breaking, and quite possibly dangerous.
Luckily, it's quite straightforward to get things working with OAuth2!
The first step is getting your application to expose an OAuth2 endpoint. If you're running a Node.js based app, you can use a module called OAuth2orize.
Once that is set up, you'll want to take a look at the SSO plugin skeleton for customised OAuth deployments -- nodebb-plugin-sso-oauth. You'll take this plugin, fork it, and modify it to communicate with your OAuth endpoint.
Once everything is working properly, you should be able to register and log in/out via your web app.
Minor FYI....Elasticsearch has made a strong stand that they are not a database. There are certain levels of consistency and reliability to qualify as a database that they have said they cannot support. But if your data isn't critical, and you don't mind a noticeable a delay between when you write a document and when it available for reading, then that's fine.