Sessions Replay

Sessions is a powerful new feature in the Userpilot platform that allows you to visualize how users interact with your product. It captures tailored user journeys based on real interactions and lets you replay them through an intuitive video player.

This feature is available as an add-on for Growth and Enterprise plans


Usecases:

  • Watch tailored user journeys and dive deeper into your product’s current user experience.
  • Leverage actionable insights to make data-driven decisions that enhance your product.
  • Uncover friction points to optimize the experience.

Sessions go beyond standard analytics, offering you a comprehensive view of the users behaviour to make better data driven product decisions.

Configure Privacy Settings

You can control what Userpilot is allowed to capture during the user's session through Data Capture & Privacy Settings. You are able to:

  • Turn off session replay completely.
  • Specify the environment (staging vs. production) to maintain a dedicated space for thoroughly testing your settings.
  • Disable user input data. Input data will not be collected at all, and will be masked in the session replay.
  • Disable text collection of elements.
  • Exclude data capturing of elements.
  • Exclude data capturing in domains.
  • Exclude data capturing in certain locations.

Sensitive Data Masking

Why are certain elements masked automatically by the SDK?

To ensure privacy and data security, our SDK automatically masks any content entered into sensitive fields. This prevents potentially confidential or personal data—like passwords, credit card numbers, or access tokens—from being recorded in Session Replays. By default, the following element selectors are always masked in recorded sessions and never have their values collected or stored:

const DEFAULT_MASKING = [
  'input[type="password"]',
  '[autocomplete="current-password" i]',
  '[autocomplete="new-password" i]',
  '[autocomplete="confirm-password" i]',
  '[autocomplete="cc-number" i]',
  '[autocomplete="cc-exp" i]',
  '[autocomplete="cc-exp-month" i]',
  '[autocomplete="cc-exp-year" i]',
  '[autocomplete="cc-csc" i]',
  '[name="current-password" i]',
  '[name="new-password" i]',
  '[name="confirm-password" i]',
  '[name="cc-number" i]',
  '[name="cc-exp" i]',
  '[name="cc-exp-month" i]',
  '[name="cc-exp-year" i]',
  '[name="cc-csc" i]',
  'input[name*="password" i]',
  'input[id*="password" i]',
  'input[name*="pass" i]',
  'input[id*="pass" i]',
  'input[name*="pwd" i]',
  'input[id*="pwd" i]',
  'input[name*="secret" i]',
  'input[id*="secret" i]',
  'input[name*="api_key" i]',
  'input[id*="api_key" i]',
  'input[name*="apikey" i]',
  'input[id*="apikey" i]',
  'input[name*="access_token" i]',
  'input[id*="access_token" i]',
  'input[name*="auth_token" i]',
  'input[id*="auth_token" i]',
  'input[name*="token" i]',
  'input[id*="token" i]',
  'input[name*="credit_card" i]',
  'input[id*="credit_card" i]',
  'input[name*="cc_number" i]',
  'input[id*="cc_number" i]',
  'input[name*="card_number" i]',
  'input[id*="card_number" i]',
  'input[name*="cvv" i]',
  'input[id*="cvv" i]',
  'input[name*="social_security" i]',
  'input[id*="social_security" i]',
  'input[name*="ssn" i]',
  'input[id*="ssn" i]'
];

How does masking work?

  • When the SDK encounters any field that matches one of the selectors above, the field’s value is replaced with a mask (e.g., ****** ) in the data that is sent to our analytical endpoints.
  • Because the real values are never collected, there is no way to retrieve them from the session replay later, ensuring sensitive data remains private.

Can I customize which elements get masked?

  • Yes. If you need to add additional elements to mask, you can modify the masking configuration.
  • No. Removing the existing DEFAULT_MASKING rules is not allowed. This is to ensure that sensitive data is always protected and never appears in session replays.

Note: The replays in Sessions are event-based reproductions tracked by Userpilot and not actual screen recordings.

How does it work?

Once the Sessions and Auto-capture raw events features are enabled, Userpilot will start capturing the Sessions taking the privacy settings into consideration. No installation steps are required. You can then view the user sessions as shown below:

Tabs

Userpilot can record multiple tabs . This means that the end-user has multiple instances of the platform open. The tab that the end user has open at that point within the session will be in an active state.

Spans

The span column refers to how many sessions are in that replay - this will always be 1 if the Key event filter is set to "within the same session" selected as shown below. If the option 'across any number of sessions' is selected, the user can specify two (or more) events and then the recording of the two (or more) sessions that these events happened in will be displayed (i.e.event A occurred in session 1 and event B in session 2).

Create Playlists

Playlists make it easy to organize, favorite, edit, and delete your saved user journeys. Click on "Save Playlist" in the Session Replay page to save a Playlist with the added conditions or create it directly from the Playlists page by clicking on "Create Playlist" button.


For any questions please reach out to support@userpilot.co

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.