Using Embedded 'Session Replay' For Developers To Monitor Users' Behavior

For developers of any kind, knowing how users use their product is one of the necessities.

One of the ways to do this, is by using what's called 'session replay'. This technology can be embedded inside apps, allowing developers to "replay" users' interaction when using their products.

In definition, session replay is the ability to replay a visitor's journey on a website, web application of mobile app.

The replay can include users' view (browser or screen output), user input (keyboard, mouse inputs or taps), and logs of network events or console logs. Developers can then filter the results by traffic sources, behavior and other criteria

This technology allows developers to improve user experience, and to identify obstacles in conversion process.

In many ways, using session replay, developers can also figure out if something didn't work or if there was an error in some of the interfaces.

To do this, session replay records every interaction, which can also include screenshots. The information can then be sent to the developers to analyze.

Session Replay

There are three ways to do it:

Client Side

This type of session replay is more synonymous to video replays, as it is more accurately a reproduction of a specific user's experience down to mouse movements, clicks, taps, and scrolls.

The underlying data for client-side session recordings is captured using tagging pages. There are also more advanced tools that allow developers to access the DOM directly, and can play back most interactions within the DOM including all mutations with great accuracy.

The advantage of this client-side session replay is that developers can see users' interaction in a movie-like format.

The disadvantage is that the tracking script can easily be detected and blocked by any ad blockers, for example. And app stores, like Apple's App Store, requires developers to provide privacy policy that makes it clear that apps can record a users' screen. Otherwise, the app can be banned.

Tag-Free Server Side

This solution is able to capture all interactions, from every device, including all mobile users from any location, and replays them.

Sessions in the tag-free server side method are replayed step-by-step, providing the ability to search, locate and analyze aspects of a visitors session, including clicks, taps and any form of entry.

While server-side solutions require hardware and software to be installed "on premises," tag-free server side has the advantage since it cannot be blocked. Unfortunately for developers, they can't view videos and replays in detail like on client-side session replays.

For this reason, developers may not be able to see activities such as scrolling and mouse movements.


This approach has both the client-side's and the server-side's advantages, but minus the disadvantages.

Hybrid makes every session recorded by server-side capturing, but at the same time, enriched with client-side tracking data of mouse movements, clicks, taps, scrolling, keystrokes and other user behavior.

It also works well on modern-single page applications (something that server side session replay lacks). This way, developers benefit from a movie-like replay, ensuring a 100 percent compliant capturing.

This hybrid strategy can be deployed either "on premises" or as SaaS.

Session Replay

In good ways, session replay allows a whole lot of possibilities for developers.

Knowing how users interact with their product, developers can see which of their product's feature is used the most, and where users are going next. Developers can also see the interactions, including which functionality is the most useful, and which should be eliminated to streamline the process of conversion.

This session replay feature can be useful and handy on e-commerce websites and apps, as well as ordinary websites or apps.

But in bad ways, some developers can use this capabilities to peek into users' activities and input data, and to also gather sensitive information such as credit card number, passport, email address, ID, or other sensitive information.

Frequent users of the web and mobile should know that most apps are collecting data from them. Some even monetize their data without their knowledge.

These companies and developers are doing all they can to get as much information from users.

But as long as they are within the boundaries and don't trespass user privacy, this is a fact that couldn't be reversed. But if they don't, like using session replay to spy on users, this is certainly not welcome.

For example, apps that allow users to record users' screen and replay them back. In many cases the replays are in real time, and many developers don't properly mask the session replays, allowing them to see exposed credentials in each replay session.

This should be avoided, as it evades privacy.

And when discovered, users will dislike the developers for doing what they did, and will ruin the product and brand the developers have built. It may also get the apps banned from app stores.