Logo of AppSignal

Menu
Docs navigation

Session data filtering

In most apps, at least some of the data that is sent to the application is sensitive or personally identifiable information that should not leave the network. To prevent AppSignal from storing this data the Elixir package should be configured to not send this data at all or filter out specific values.

In web applications sessions can be used to store user preferences and other sensitive data without it having to be persisted in the database or sent using parameters.

In Rails applications AppSignal automatically stores the contents of the user's session on the AppSignal transaction. This can be disabled or specific values can be filtered out.

Warning: Do not send personal data to AppSignal. If your parameters or session data contain personal data, please use filtering to avoid sending this data to AppSignal.

This feature is available since AppSignal Elixir package version 1.6.0.

Table of Contents

AppSignal session data filtering

Session data filtering will filter out any values from specified keys in the filter_session_data configuration option. Any filtered out value will be replaced with [FILTERED] before it leaves your application and is send to the AppSignal servers. This means that AppSignal never receives any of the filtered data.

In the session data filtering, there's support for nested hashes and nested hashes in arrays. Any hash we encounter in your parameters will be filtered.

To use this filtering, add the following to your config/appsignal.yml file in the environment group you want it to apply. The filter_session_data value is an Array of Strings.

1
2
3
# config/appsignal.exs
config :appsignal, :config,
  filter_session_data: ["name", "email", "api_token", "token"]

Skip sending session data

To filter all session data without individual key filtering, set skip_session_data to true. This means that the session data is set to nil and will not be stored for AppSignal transactions.

1
2
3
# config/appsignal.exs
config :appsignal, :config,
  skip_session_data: true

We'd like to set cookies, read why.