Session Replay

As session data collection will start at the 1st screenview event, it is required to have screen tracking implemented. Make sure to follow the Capacitor Track screens sections.

In order to enable Session Replay in your app and get the most stable version, it is required to upgrade the SDK to its latest version.

If you are in the process of implementing the SDK for the 1st time (or choose to take this update as an opportunity to review your Privacy related implementation), make sure to follow the Capacitor Privacy sections.

Since not all sessions are collected (depending on the percentage set in Contentsquare back-office), we have implemented an option to force replay collection on your device for testing and debugging purposes. This option can be enabled from the in-app features settings:

1. Enable in-app features
2. Open in-app features settings with a long press on the snapshot button
3. In the “Session replay settings” section, enable session Replay
4. Kill the app
5. Start app, a new session is starting with Session Replay enabled

There are 2 places where you can check if Session Replay is enabled:

In the logs: The log Session Replay is starting (Android) or Enable Session Replay for Capacitor succeeded (iOS) will confirm that Session Replay is enabled.

In in-app features settings: Below the “Enable “will start at next app start” (see below Access the replay), you will either see:

• No replay link available which means Session Replay is not running for the current session
• Get Replay link which means Session Replay is running for the current session

The replay can be accessed by tapping on Get replay link button from the in-app features settings: The replay will be available within 5 minutes. Only the “ended screen views” are processed (we know a screenview is ended when we start receiving data for the next screenview). This means that you will be able to replay your session up to the previous screenview if the session is still running.

The Session Replay feature collects every interaction of your users with your app. In order to respect the user’s right to privacy, the Contentsquare SDK :

• Masks everything by default
• Allows you to control which part of the user interface is collected via our masking and un-masking component.

Sessions will be collected for Session Replay if:

• The Session Replay feature has been enabled for your account
• The threshold set by the Session Replay Collection Rate is not exceeded.

For the HTML content to be sent, all these conditions must be true:

1. The user hasn’t opted out.
2. The session is being tracked.

If Session Replay is turned on and data collection is active for the session, the HTML content of the page is sent after every pageview (both natural and artificial) and every DOM change (only the updated elements are sent).

Depending on the Session Replay option chosen, the resulting replay will differ and additional masking tasks will have to be carried out.

With this option enabled, the Tracking Tag performs the following tasks:

• The content of <input> elements with type text, email, password, search, tel, url or <input> elements without a type attribute are replaced with bullets before the HTML is sent,
• Every figure of <input> elements with type number are replaced by 0,
• The content <textarea> elements is replaced with bullets before the HTML is sent,
• The content of <script> elements is emptied,
• Except for the above, all the HTML content is sent, including <head>,
• The content of every element marked with the data attribute data-cs-mask is removed (see below).

With this option enabled, the Tracking Tag performs the following tasks:

• The content of <input> elements with type text, email, password, search, tel, url or <input> elements without a type are replaced with bullets before the HTML is sent,
• Every figure of <input> elements with type number are replaced by 0,
• The content <textarea> elements is replaced with bullets before the HTML is sent,
• The content of <script> elements is emptied,
• The content of every element marked with the data attribute data-cs-mask is removed (see below).
• The content of every element marked with the data attribute data-cs-capture is collected and shown unless it falls under the excluded elements listed above (<input>, <textarea>)
• Every character of the text content included in the elements sent is replaced by “A”.
• Attributes unrelated to layout are removed — we only keep id, class, style, src, srcset, href, rel and type.

In case your site displays Personal Data only on a specific set of pages, you can decide to run the Auto-Masking process only on a pre-defined set of pages, so that you won’t have to apply the masking across the whole site.

We currently have two available options:

• Mask all pages except: All pages will be masked except the ones defined by a Regex Pattern agreed with your dedicated Implementation Manager.
• Unmask all pages except: All pages will be collected with clear content except from the ones defined by a Regex pattern agreed with your dedicated Implementation Manager.

These can only be configured by your dedicated Implementation Manager.

Use the excludeURLforReplay command to block data collection on pages based on their URL.
You might want to use this command for the following reasons:

• Some page replays for Session Replay cause performance issues (when the page contains many images or videos, for instance) — you can block these pages until the problem is fixed,
• Personal Identifiable Information (PII) has been exposed,
• You want to exclude whole parts of your website from being collected for Session Replay.

import { ContentsquarePlugin } from '@contentsquare/capacitor-plugin';

ContentsquarePlugin.excludeURLForReplay(URL_REGEX);

Using this command does not block page views for the given page(s) — it only blocks data collection for Session Replay.

There are two methods to remove content from the collected HTML:

1. Using the Contentsquare Personal Data Selector
2. Tagging DOM Elements

Each DOM element to be masked is identified thanks to its CSS selector and those selectors are pushed to the API via a JavaScript object. The content of the identified element will be thus removed from the replay.

The following object that contains CSS selectors for text and for attributes should be pushed to the API as follows, before firing the main tag:

import { ContentsquarePlugin } from '@contentsquare/capacitor-plugin';

ContentsquarePlugin.setPIISelectors({PII Object});

The structure of the PII Object is as follows:

• PIISelectors: CSS selectors defined here will allow the matching DOM element to be masked by the tag.

• Attributes: Using this key, one can remove the defined attributes of the DOM elements from the elements matching the CSS selectors. Note that it is possible to use an array of attribute names as shown in the example above.

Keep in mind that using both PII Selectors and Attributes is optional, meaning you can use either full element selectors, specific attribute selectors or both in the same object:

{
  PIISelectors: [".css-selector, ss-selector"], // DOM elements to be sked
  Attributes: [
      {
          selector: "select#month option, select#year option", // CSS selectors
          attrName: 'id' // Attribute name you want to mask
      },
      {
          selector: ".link-page-7", // CSS selectors
          attrName: ['href','name'] // Array attribute names you want to mask
      }
  ]
};

To exclude HTML from the page where data collection is active, add the data-cs-mask attribute to the HTML element(s): their content will be removed in the browser, before the content is even sent to Contentsquare.

Content before
<p data-cs-mask>
  emailaddress@sentitivedata.com
</p>
Content after

Content before
<p data-cs-mask></p>
Content after

You can also add the data-cs-mask attribute with JavaScript provided you do it before any pageview is sent.

Events on removed HTML — Events (click, hover, etc.) will still be collected and sent to our servers even if they are targeting removed HTML elements. They will be visible in the application using Live Resources (as named in the platform).

There are two methods to display content in a masked HTML page:

1. Using the Contentsquare Personal Data Selector
2. Tagging DOM Elements

Each DOM element to be displayed is identified thanks to its CSS selector and those selectors are pushed to the API via a JavaScript object. The content of the identified element will be thus displayed in Session Replay.

The string which contains comma-separated CSS selectors for text and for attributes must be pushed to the Contentsquare API, before firing the main tag, as follows:

import { ContentsquarePlugin } from '@contentsquare/capacitor-plugin';

ContentsquarePlugin.setCapturedElementsSelector('#capture-me, .show-me');

To display an HTML element in a masked page, add the data-cs-capture attribute to the HTML element.

Sensitive Content before
<p data-cs-capture>
  some piece of text that is not sensitive
</p>
Sensitive Content after

AAAA AAAA AA
<p data-cs-capture>
  some piece of text that is not sensitive
</p>
AAA AAA AA

It can also be added with JavaScript but, be careful, as attributes must be added before any pageview is sent.

• Some fonts are not loaded
• SVG assets are not supported
• Zoom is not properly handled

• Some screen titles don’t correspond to the screen currently shown in the player
• Ratio of the screen is not correct while the gesture positions are correct on the player
• ”Loading webviews” and “Webview not tracked” messages sometimes appear in the player
• The CSS is sometimes not immediately loaded on a new page

If you struggle to watch a replay collected on an emulator/simulator, it may be due to some network constraints applied on your computer (VPN, company network restrictions, etc.). Check your configuration and/or use a real device.

See following sections for more information about our endpoints and requests:

• Android - Requests are failing
• iOS - Requests are failing

It is important to remember that an app kill does not end a session. See Session definition for more information. If you leave the simulator/emulator running with the app in foreground, the session will not end, even if you are inactive. To better reflect actual end user behavior and avoid unusually long sessions (last hours), put the app in background or kill it.

Some bugs with the timestamps only appear when testing with a simulator/emulator. Test out the Session Replay feature when implementing it with a device in order not to trigger it.