How does clicktale work for password protected pages? Is it secure to use clicktale on password protected areas of your site?
问问题
285 次
2 回答
1
I can only speak for ASP.NET but - having looked into ClickTale recently - this works by first requiring you to enable cookieless sessions and expired session restoration. Following this, it requires you to write out the cookieless session URL to your page to a JavaScript variable, which is sent off when the page is tracked so that ClickTale can impersonate the original user when requesting the page.
This raises a number of security concerns; not least due to the fact that you will be potentially submitting session IDs as unsecured HTTP requests and allowing those sessions to be restored after they expire, making it much easier for someone to impersonate your user (after all, that is the entire goal of the process).
You'll also potentially see functional side effects as ClickTale will be duplicating requests from users that may have consequences.
于 2013-12-06T17:51:07.447 回答
0
Today (2015) it is possible to use ClickTale on password protected sites seamlessly, the ClickTale tracker will send the DOM content of the page to be used in the playback/heatmaps later. It is also possible to block personal or sensitive data so it is not sent to ClickTale.
于 2015-08-16T15:25:47.753 回答