Recording Web Sessions

Web Password Filler supports Session Recording for web sessions. To record a web session, you must enable Session Recording in the Security settings of the Secret in Secret Server.

When you launch a Secret that has Session Recording enabled, or when you navigate to a web page and select a Secret that you have enabled Session Recording for, the recording begins as soon as the credentials are filled into the login fields (Username/Password, etc.).

Once the session recording starts, you should see a notification message pop up at the upper right side of the browser window indicating that recording has begun. Unless the security settings on the secret hide it, the logo on the tab will alternate between the site logo and the recording icon.

When recording web sessions, the system will limit the recording to the exact match for the domain. It will not record anything not included in the exact URL. For example, if you set a Secret with session recording has the URL value https://delinea.company.com/, the system will only record browser tabs opened for that URL. If the login page then redirects to https://company.com, the system will no longer record the session because the subdomain has changed.

Likewise, you might be recording a session in a tab opened to https://delinea.company.com. You then open a second tab to https://delta.company.com, which happens to use the same domain as the first tab (company.com). When the second tab opens, it becomes the tab 'in focus' and the session recording continues on the second tab. If you wish to keep recording on the original tab, we recommend opening the second tab in an incognito window or in a separate browser session.

If you have session recording enabled for two Secrets that contain the same primary or secondary domain such as microsoftonline.com and the same host name (microsoftonline.com), AND you are using both secrets when you select the second session, WPF will close the first session and tabs associated with the first Secret.

This is also true for two Secrets with different hosts but the same base domain.

This expected behavior ensures that the system only records sessions associated with Secrets that require session recording. Sites like microsoftonline allow only one login / active credential at a time. If you enable session recording for two secrets that do not contain a primary / secondary domain address (such as .net, .com, .co), the system will record both sessions independently. For instance, red.local.something differs from blue.local.something because 'something' is neither a primary domain nor secondary domain identifier.

The system now treats IP Addresses as entirely unique address (e.g. 10.0.0.61 is not the same as 10.0.0.51) and records them independently.

Chrome versions 92 and newer throttle the number of screenshots per second and may cause impacts to the recording, such as jumpy video or missed keystroke captures.

Session Recording Disconnecting Warning

If Web Password Filler has launched any sessions that it is recording, and you log out of Web Password Filler, those sessions must end. We have added a warning to give users the option to stay connected if possible.

This warning can occur in the following circumstances:

• The user logs out of Web Password Filler.

• The user has a tab open to the same Secret Server or platform that Web Password Filler is currently logged into. They then log out of the web tab.
  

  

• The user has a tab open to the same Secret Server or platform that Web Password Filler is currently logged into and that tab times out due to inactivity.

  The inactivity timer suspends when the tab is not active. However, if the user switches back to the tab and it has timed out, the system will raise a timeout and log the user out of both the tab and Web Password Filler.

• The user launches a web session from a different Secret Server or platform instance, requiring Web Password Filler to switch login context to the new server. In this case, the system must end recorded sessions to the old server.

  

• The authentication token used by Web Password Filler expires and cannot be renewed.

In the first four cases above, the user will receive a message explaining that the system will log out Web Password Filler and close any recorded sessions. The user will have the option to continue and close the tabs, or cancel the Web Password Filler log out. If the system logs out Web Password Filler because the user has logged out of the Secret Server or platform tab, then that tab will stay logged out, but Web Password Filler will remain logged in, allowing the session recordings to continue.

In the fifth case, Web Password Filler cannot stay logged in. The system will display a warning message that will not give the option to continue and keep the recorded sessions open. Those sessions will immediately close, and the user must log into Web Password Filler again to get a new authentication token.

Enabling Mouse Path Tracking On Recordings

Users can enable mouse path tracking on session recordings by following these steps:

1. Click the Settings icon.

   

2. Click Preferences.

   

3. Click Advanced Settings.

   

4. Enable the Show mouse path on recordings toggle.