Understanding Data Collection and Session Replay

Understanding Data Collection and Session Replay

by Yaron Gueta Posted on Jan 23, 2020

What makes Glassbox’s digital session replay software stand out from the competition? To understand what makes this technology unique, it’s important to understand the methods of data collection involved and how session recordings are implemented, recorded, and displayed.

How Glassbox Collects Session Replay Data

Can you solve this equation X^2+3= without having the right side of it? This is what is missing when you are using client-side recording only, especially if you want to use the replays for production support and fraud investigations.

Our unique session replay software utilizes multiple methods of data collection in order to provide a complete picture of every session, no matter how a user chooses to access the client site. These can include JavaScript (JS), mobile browser or application data, network traffic, and more. Taken separately, each and every data collector is sufficient to stand on its own, be combined with the perspective from all of the other data collectors, or used in the combination that works best for your business. Through JavaScript, you can record, view, and playback client-side recordings. Using server-side recording allows you access to view bot traffic and scraping. Or, view both perspectives at once through our unique hybrid approach, which provides a 360° understanding of each session.

Implementing Session Replay Software With Zero Hassle

We’re proud that our patented technology is easy to set up and even easier to use! The client-side recording via JavaScript can be installed in under five minutes, with a simple JS tag addition. While server-side recording requires a more detailed implementation process, you can choose to undergo the process in two stages – beginning with client-side recording and then progressing to add recording on the server side as well. Going deeper over time can help ensure the process is smooth and sustainable. Even with the JavaScript session replay alone, your business will still be receiving valuable insights that you can’t get anywhere else, a perspective which will only be further enriched with the addition of server-side recording.

Comparing Client Versus Server Side Recording

While client-side session recording is becoming increasingly available, choosing a solution that only provides client-side recording offers only half of the picture. Only Glassbox and Glassbox alone is able to offer server-side recording that allows for more complete data collection and reporting which will enrich the client-side data to a 360° view.

Choosing a Hybrid Approach for Best Results

Did you know that 80% of fraudulent access incidents cannot be recorded when monitoring only client-side sessions? By utilizing the Glassbox hybrid model, you can protect your business against malicious bots and other problematic activities. Tracking server-side data can also be used to track and prove regulatory compliance, ensuring that your company is always ready in case of investigation or audit. Hybrid data collection ensures that IT production support teams are fully equipped with all the information needed – including full recording of HTTP headers, even cookies that are marked as “HTTP only”. HTTP errors like 404 or 500 can now be recorded when they happen on the main web page and even HTTP redirect (status code 302) can be recorded when using server-side recording. And this is just an example of why the server perspective is so important.

Capturing both sides of the equation means that your business can retrieve and replay historical data, identifying ongoing IT issues behind the scene, take remedial action as needed to reconnect with lost clients, stand strong against potential fraud, and improve overall customer support and customer experience on your site. Do more for your business with Glassbox digital customer experience software!

For the Technical Audience Only

If you’re looking for a more in-depth understanding of the technical implementation and benefits of server-side recording, read on.

Server-side recording is important for production support and fraud. There are many use cases that can be captured on the server-side only. These use-cases are the blind spots for client-side recording (using JavaScript), which is, as mentioned, one of the data collection methodologies of Glassbox. It is important for me to explain in detail and to add some specific use cases in order to better explain the need.

HTTP headers of main pages

Let’s start with what a “main page” is. The “main page” is actually the page that is loaded when you type the address of the website in the address bar of the browser, e.g. www.glassboxdigital.com. This page is being loaded by the browser and it’s resetting the state of the browser related to the website being accessed (including the window and document object in within the JavaScript engine). This “main page” is handled differently from an Ajax request which is being loaded by the JavaScript engine (e.g. XHR).

Why it’s interesting: the browser does not allow accessing the headers of these requests by using JavaScript, which means that when it comes to production support and fraud it’s a blind spot for client-side recording, and a big one.

If you still need some more information to make it realistic, let me share a real case where we helped our customers to fight a zero-day attack. The attack was “CVE-2017-5638 is a critical vulnerability in the Apache Struts 2 web app framework. Attacks have escalated as hackers exploit this code-execution bug.” You can learn more about this type of attack on the Synopsis blog.

In a nutshell, attackers were using a vulnerability of Apache Struts 2 to use remote method invocation of commands that exist in the “Content-Type” header.
This attack was recorded by the server recording module of Glassbox. It was fully recorded with all headers and payload and alerted on each and every attack.

The picture was taken from https://2jws2s3y97dy39441y2lgm98-wpengine.netdna-ssl.com/wp-content/uploads/2017/03/struts-detection-660×312.png

Response codes of main pages

As we already know what the “main page” is I won’t repeat it, but these response codes are not visible to the client-side and the user experience system is not complete without them. Website monitoring and session replay tools cannot afford these blind spots, else you could miss a very important problematic response code, such as 500 (server error), 404 (not found), or 400 (bad request).

Redirects

The HTTP response status code “302 Found” is a common way of performing URL redirection. The use of redirects is very important for many reasons, such as security and usability (e.g. redirect to mobile site from a standard website). These hits are critical for troubleshooting and production support, you can not afford to lose them.

Bots/Scrapers/Fraud – Non-JS practices

Many bots, website scrapers, and attackers are trying to access your website without executing JavaScript. These cases can not be recorded without a server-side module.

The picture was taken from https://www.netsparker.com/support/viewing-http-request-response-issue/

The value of having the entire traffic recording and the ability to refine your security tools like WAF is a huge benefit to your security team.

Script Blockers

Users that are running script blockers cannot be monitored with JS. These users are usually very tech-savvy people, who also tend to complain about the service and technical difficulties. You need to be able to record these users’ sessions with your customer experience tools.

HTTP Only

The cookie header is an important header in the HTTP protocol. A cookie is partially visible to JavaScript. “HTTP Only” is a good example of a cookie that is not visible to JavaScript. In order to provide good product support, you need full visibility of the cookie header, as it contains a lot of the HTTP request details.

Sign up for insights

Sign up for insights