5 min read

What Is Session Recording in PostHog

Session recording captures exactly what users do in your app — every click, form input, and page navigation. This is crucial when you need to understand why users are abandoning checkout, where they're getting stuck, or what broke in production.

How Session Recording Works in PostHog

PostHog records sessions automatically once you initialize the SDK. It captures the DOM state, user interactions, and network activity without requiring extra setup.

Initialize PostHog with Session Recording Enabled

When you load the PostHog JavaScript SDK, session recording is enabled by default. PostHog will start capturing user interactions immediately. You can also explicitly configure it with the session_recording property.

javascript
import posthog from 'posthog-js'

posthog.init('your-api-key', {
  api_host: 'https://us.posthog.com',
  session_recording: {
    recordCanvas: false,
    maskAllInputs: true,
    maskAllText: false,
  },
})
Initialize PostHog with session recording enabled

Session Replay Captures Full User Journeys

PostHog records every interaction — clicks, form fills, scrolls, navigation, and network requests. The replay is a video-like playback of exactly what happened in the user's browser. This data persists for 30 days by default.

javascript
// Access the session ID to link events to a specific recording
const sessionId = posthog.get_session_id()
console.log(`Current session: ${sessionId}`)

// Sessions are automatically linked to events — no manual work needed
posthog.capture('checkout_error', {
  error_code: 'payment_declined',
  // This event is automatically tied to the session recording
})
Events are automatically linked to the active session
Watch out: Session recordings can become large if users have canvas elements or auto-playing videos. Use recordCanvas: false to exclude canvas rendering and reduce file size.

Configuring What Gets Recorded

PostHog lets you control what data is captured for privacy and performance reasons. You can mask sensitive inputs, exclude specific elements, and redact text.

Mask Sensitive Form Inputs

Set maskAllInputs: true to automatically mask all form fields so credit card numbers, emails, and passwords aren't recorded. You can also selectively unmask specific fields with the data-ph-unmask attribute.

javascript
// In HTML, unmask fields you want visible:
// <input type="email" class="user-email" data-ph-unmask />

// Or configure in PostHog init:
posthog.init('your-api-key', {
  api_host: 'https://us.posthog.com',
  session_recording: {
    maskAllInputs: true,
    // maskAllText: true masks all visible text too
  },
})
Mask inputs by default, then selectively unmask what you need

Exclude Elements from Recording

Use the mask-session-recording class or data-ph-mask attribute to exclude specific DOM elements from being captured. This is useful for hiding third-party widgets, sensitive dashboards, or PII.

javascript
// In HTML, mark elements to exclude:
// <div class="mask-session-recording">This won't be recorded</div>
// <div data-ph-mask>Neither will this</div>

// PostHog automatically skips these during playback
// Use this for:
// - Payment processor iframes
// - Customer data dashboards
// - Internal admin panels
Exclude sensitive elements with a class or data attribute
Tip: If you mask too aggressively, session replays become useless. Aim to mask only fields that actually contain PII (payment info, SSNs, API keys), not every text input.

Accessing Recordings in PostHog

Once data is recorded, you can find and watch session replays directly in the PostHog UI or programmatically via the API.

View Recordings in the PostHog Dashboard

Go to Session Replays in the left sidebar. You'll see a list of all recordings ordered by recency. Click any session to play it back. You can filter by user, event, or date range. The replay shows a timeline synced to events that occurred during that session.

javascript
// You can programmatically trigger navigation to a session:
window.location.href = `https://app.posthog.com/sessions/${sessionId}`

// Or access the PostHog API to fetch session metadata:
fetch('https://us.posthog.com/api/projects/{project-id}/session_recordings', {
  headers: {
    Authorization: `Bearer ${apiToken}`,
  },
})
  .then(r => r.json())
  .then(data => console.log(data))
Access sessions via UI navigation or the PostHog API

Filter Recordings by User Behavior

In Session Replays, use filters to find specific recordings. Filter by page visited, event triggered, user cohort, or session duration. This lets you zero in on users who hit errors, abandoned checkout, or got stuck on a specific page.

javascript
// When capturing events, add properties that make filtering easier:
posthog.capture('checkout_abandoned', {
  cart_value: 249.99,
  step: 'payment',
  reason: 'payment_failed',
})

// Now in PostHog UI, filter: Event = 'checkout_abandoned' AND step = 'payment'
// This will show you only the sessions where users hit that specific error
Use event properties to make sessions easier to find and analyze
Watch out: Session recordings don't capture network responses for security reasons. If a user gets an API error, you'll see the XHR request in the timeline but not the response body. Correlate with your backend logs.

Common Pitfalls

  • Forgetting that maskAllInputs protects form fields but not text content — if you have PII in visible text, it still gets recorded. Use maskAllText: true or the mask-session-recording class.
  • Enabling recordCanvas: true for sites with auto-playing videos or animated charts. This bloats recordings and kills performance. Keep it false unless you specifically need canvas playback.
  • Not cleaning up old recordings — they count against your storage quota. PostHog deletes them after 30 days, but if you're over limit, new recordings won't capture.
  • Assuming network requests show response bodies. They don't for security. If debugging an API error, cross-reference with server logs.

Wrapping Up

Session recording in PostHog gives you a video-like replay of exactly what users experienced. Enable it, configure privacy settings so you're not capturing PII, then use the replays to debug errors and understand drop-off points. If you want to track this automatically across tools, Product Analyst can help.

Track these metrics automatically

Product Analyst connects to your stack and surfaces the insights that matter.

Try Product Analyst — Free