We will be performing an improvement in the session handling of your app to increase its security. No action required of you at this time.
Currently, user session IDs are stored in the local storage of a user's browser or device and are used to authenticate the user when loading information in your application. We have been working on improvements to this arrangement for some time and taking steps to make it possible to use other means of session management. We are now able to move all of our apps to a first party context, which means that the backend services and the frontend of the app are reachable under the same domain. This allows us to introduce the new authentication mechanism, utilizing cookies. The backend services will give the client a (http-only) cookie that contains a session ID. Browsers will automatically pass this ID along with requests to our services.
The migration to cookies will take place on October 19th at 10am CET.
As part of these improvements, some user sessions may be lost which would require users to login again to your application. We do not expect this to affect many users but it may be a consequence of the migration.
Please get in touch with us at firstname.lastname@example.org
if you have any questions. We will be happy to assist you.
Your Staffbase team
More on http-only cookies: https://owasp.org/www-community/HttpOnly