As part of a larger deploy that included various security enhancements from a code review we're doing, we also deployed a piece of JavaScript that logs the currently logged-in user's timezone offset to the server. This is data we collect for a secret future feature.
Unfortunately, the way the JavaScript snippet tried to report the information back to the server was flawed—it tried to submit the information even when no one was logged in (e.g. on the "Sign in" page).
When a request tries to update a user's information, Freckle checks whether the currently signed-in user has permission to do so. If no one is signed in, Freckle returns a snippet of JavaScript that forces the browser to go to the default route in the application, which is /. Freckle in turn redirects / to /time/dashboard, and because no one is signed in, the browser is once more redirected to /signin.
Back on /signin, the broken JavaScript once more submitted the timezone offset, leading to an endless loop of reloading the page.
We've fixed the issue by making sure no timezone offsets are submitted when no one is logged in.
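The loop and the fix described above, modelled as an added example (constructed for illustration, not Freckle's code). The route paths come from the post; the function names, the `guardOnSession` flag and the `maxLoads` cutoff are assumptions.

```javascript
// Constructed model of the redirect chain in the post; not Freckle's code.
// Paths are from the post; function names and maxLoads are assumptions.

// Server: resolve a GET for the given session state.
function serverRoute(path, signedIn) {
  if (path === "/") return { redirect: "/time/dashboard" };
  if (path === "/time/dashboard" && !signedIn) return { redirect: "/signin" };
  return { page: path };
}

// Server: the user-update endpoint. Without a session it answers with a
// script that sends the browser to the default route "/".
function updateTimezone(signedIn) {
  return signedIn ? { ok: true } : { navigateTo: "/" };
}

// Browser: load a page, follow redirects, then run the reporting snippet.
// guardOnSession=false is the broken deploy, true is the fix.
function visit(startPath, signedIn, guardOnSession, maxLoads = 5) {
  const loads = [];
  let path = startPath;
  let settled = false;
  while (!settled && loads.length < maxLoads) {
    let r = serverRoute(path, signedIn);
    while (r.redirect) {
      path = r.redirect;
      r = serverRoute(path, signedIn);
    }
    loads.push(r.page);
    if (guardOnSession && !signedIn) {
      settled = true; // fix: nothing is submitted when no one is signed in
      continue;
    }
    const res = updateTimezone(signedIn);
    if (res.navigateTo) path = res.navigateTo; // forced navigation: page reloads
    else settled = true;
  }
  return { loads, looped: !settled };
}

console.log(visit("/signin", false, false)); // broken: keeps reloading /signin
console.log(visit("/signin", false, true));  // fixed: one load, then stops
```

The `maxLoads` cutoff exists only so the model terminates; a real browser has no such limit for script-driven navigation, which is why the page reloaded endlessly.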