Session data filtering

AppSignal gathers session data for HTTP requests by default for supported frameworks. This data may help track down errors or performance issues that were caused by some session data an app is using. Some of this session data may contain sensitive user information though which should not be sent to the AppSignal servers.

Use session data filtering to filter out specific keys or disable the feature entirely.

Filter session data

An app's session data can be filtered by configuring keys in a denylist. This denylist system will filter out all the session data keys configured in this list.

Any session data values that are filtered out by these systems will be replaced with a [FILTERED] value. This way the list of session data in the app data on AppSignal.com still includes the session data key, but not the value. Making it easier to see that a value was present, but the potentially sensitive data was filtered out.

Filter all session data

To filter all session data without individual key filtering, set "skip session data" config option to "true" in the integration configuration. Or set "send session data" to "false" if that's the supported option.

• Ruby skip_session_data config option documentation
• Elixir skip_session_data config option documentation
• Node.js send_session_data config option documentation

Recommended keys to filter

A non-exhaustive list of session data keys that may be used by an application. Pick those keys that are relevant for your applications.

• Email addresses
  • email
  • email_address
• Tokens
  • token
  • api_token
  • sign_up_token
  • reset_password_token

See also

• Data filtering guide - Filter app data in AppSignal integrations