Welcome to Staffbase Status

We continuously monitor outages, slowdowns, and other issues. Should there be any interruptions in service, we'll provide status updates here.

Security Improvements in Session Handling
Scheduled Maintenance Report for Staffbase
Completed
The scheduled maintenance has been completed.
Posted Oct 19, 2021 - 11:00 CEST
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Oct 19, 2021 - 10:00 CEST
Scheduled
We will be performing an improvement in the session handling of your app to increase its security. No action required of you at this time.

Currently, user session IDs are stored in the local storage of a user's browser or device and are used to authenticate the user when loading information in your application. We have been working on improvements to this arrangement for some time and taking steps to make it possible to use other means of session management. We are now able to move all of our apps to a first party context, which means that the backend services and the frontend of the app are reachable under the same domain. This allows us to introduce the new authentication mechanism, utilizing cookies. The backend services will give the client a (http-only) cookie that contains a session ID. Browsers will automatically pass this ID along with requests to our services.

The migration to cookies will take place on October 19th at 10am CET.

As part of these improvements, some user sessions may be lost which would require users to login again to your application. We do not expect this to affect many users but it may be a consequence of the migration.

Please get in touch with us at support@staffbase.com if you have any questions. We will be happy to assist you.

Kind regards,
Your Staffbase team

More on http-only cookies: https://owasp.org/www-community/HttpOnly
Posted Oct 05, 2021 - 09:33 CEST
This scheduled maintenance affected: Employee App & Front Door Intranet (Germany) (Core API (Germany) [SLA]), Employee App & Front Door Intranet (US) (Core API (US) [SLA]), and Employee App & Front Door Intranet (Global / Common Services) (Native App - iOS, Native App - Android).