What Is a Session Layer?
The session layer (Session) is built on top of the transport layer, and uses the services provided by the transport layer to enable the application to establish and maintain a session and to synchronize the session. The use of checkpoints at the session layer enables the communication session to resume communication from the checkpoints when the communication fails. This ability is extremely important for transferring large files. [1]
- Chinese name: Conversation layer
- Foreign name: Session Layer
- Layers: Layer 5 of the OSI reference model
Session layer: OSI
- The seven-layer network protocol model, Open System Interconnection (OSI for short), is an open reference model for universal system interconnection and a well-defined protocol specification. The OSI model has a 7-layer structure, and each layer can have several sub-layers. From top to bottom, the 7 layers are: 7 Application layer, 6 Presentation layer, 5 Session layer, 4 Transport layer, 3 Network layer, 2 Data link layer, 1 Physical layer. The lower 3 layers, namely 3, 2 and 1, are mainly oriented to end-to-end data flow through the network. [1]
Brief description of the session layer
- The session layer, presentation layer, and application layer form the upper 3 layers of the open system. They provide application processes with distributed processing, dialogue management, information representation, and final error recovery. The session layer must also take on the application-process service requirements that the transport layer cannot meet, making up for the functional gap in the transport layer. Its main functions are dialog management, data flow synchronization and resynchronization. Completing these functions requires combining a large number of service functional units, and dozens of functional units have been formulated. If you want to memorize this layer 5 with as few words as possible, it is "conversation and conversation."
Main functions of the session layer
Session layer: Establishing connections between session entities
- To establish a session connection for two peer session service users, the following tasks should be done.
- Map the session address to the transport address.
- Select the required quality of service (QoS) parameters.
- Negotiate session parameters.
- Identify each session connection.
- Transmit limited transparent user data.
Session layer: data transmission phase
- At this stage, organized and synchronized data transmission is implemented between two session users. The user data unit is SSDU and the protocol data unit is SPDU. Data passed between session users is converted from SDU to SPDU for transmission.
Session layer: connection release
- Connection release uses functional units such as "orderly release", "abandon" and "limited transparent user data transfer" to release the session connection.
- The session layer standard defines 12 kinds of functional units, both to enable function negotiation during the session connection establishment phase and to make them easy for other international standards to reference. Starting from the core functional service unit, each system can choose other functional units according to its own situation and needs to form a reasonable subset of session services. [2]
Session layer: other
- The main standards of the session layer are "DIS8236: Session Service Definition" and "DIS8237: Session Protocol Specification".
- The session layer (SESSION LAYER) allows users on different machines to establish a session relationship. The session layer transfers ordinary data in sequence, much as the transport layer does, and in some cases also provides some useful enhanced services. A session can allow a user to log in to a remote time-sharing system, or to transfer files between two machines.
- One of the services provided by the session layer is managing dialog control. The session layer allows information to be transmitted in both directions simultaneously, or only in one direction at any one time. In the latter case, which is similar to half-duplex mode on a physical channel, the session layer keeps track of whose turn it is to transmit.
- One service related to dialog control is token management. For some protocols it is important to guarantee that both parties cannot do the same thing at the same time. To manage these activities, the session layer provides tokens, which can be passed between the parties to the session, and only the party holding the token can perform the critical operation.
- Another session layer service is synchronization. Consider what happens when two machines attempt a two-hour file transfer over a network that suffers a major failure on average once an hour. After each failed transfer, the file has to be retransmitted, and when the network fails again the transfer may once more stop halfway. To solve this problem, the session layer provides a way to insert synchronization points in the data. After each network failure, only the data after the last synchronization point is retransmitted (this is actually the principle of breakpoint download, that is, resumable download).
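The synchronization service described above, as an added example that is not part of the original page: a sender inserts a synchronization point every few chunks, and after a failure both sides resume from the last confirmed point. The `Receiver` class, the `transfer` function, the chunk sizes and the failure schedule are all assumptions made for this illustration.

```python
class Receiver:
    """Receiving side of the session: buffers data and confirms sync points."""

    def __init__(self):
        self.buffer = bytearray()
        self.confirmed = 0  # offset of the last confirmed synchronization point

    def accept(self, piece):
        self.buffer += piece

    def sync_point(self, offset):
        # Confirm only if everything up to the sync point has arrived.
        if len(self.buffer) == offset:
            self.confirmed = offset

    def resynchronize(self):
        # After a failure, discard unconfirmed data and report where to resume.
        del self.buffer[self.confirmed:]
        return self.confirmed


def transfer(data, receiver, chunk=4, sync_every=3, fail_at=()):
    """Send `data`, inserting a sync point every `sync_every` chunks.

    `fail_at` holds the send attempts (1-based) on which the connection
    drops; these failures are constructed for the demonstration.
    Returns the number of bytes delivered, retransmissions included.
    """
    delivered = attempts = since_sync = 0
    offset = receiver.resynchronize()
    while offset < len(data):
        attempts += 1
        if attempts in fail_at:
            offset = receiver.resynchronize()  # resume from last sync point
            since_sync = 0
            continue
        piece = data[offset:offset + chunk]
        receiver.accept(piece)
        delivered += len(piece)
        offset += len(piece)
        since_sync += 1
        if since_sync == sync_every or offset == len(data):
            receiver.sync_point(offset)
            since_sync = 0
    return delivered


if __name__ == "__main__":
    payload = bytes(range(40))  # constructed sample "file"
    for every in (3, 10**9):    # with sync points vs. effectively without
        rx = Receiver()
        sent = transfer(payload, rx, sync_every=every, fail_at={6})
        print(every, sent, bytes(rx.buffer) == payload)
```

With one failure on the sixth send, the run with synchronization points delivers 48 bytes for a 40-byte payload, while the run without them starts over and delivers 60.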
Session layer: session hijacking and security
Session layer: session hijacking
- Because of the way the session layer transmits data, an established session can be hijacked. Session hijacking occurs when an attacker tries to take over a TCP session established between two computers. The basic steps of session hijacking include: finding sessions, guessing sequence numbers, forcing users to go offline, and taking over sessions. The purpose of session hijacking is to steal an authorized connection from a valid system. If the hacker succeeds, he can execute local commands. If he hijacks a privileged account, the hacker has the same access rights as the privileged user. What makes session hijacking so dangerous is that it allows control of existing accounts, which leaves almost no trace of the attack. Two tools that can be used for session hijacking are Ettercap and Hunt.
Session layer: preventing and detecting session hijacking
- There are two main mechanisms for dealing with hijacking: blocking and detection. Blocking methods include limiting the number of incoming connections and configuring the network to reject packets that arrive from the Internet but claim to come from a local address.
Encryption can also help. If you must allow connections from external trusted hosts, use Kerberos or IPsec for encryption. FTP and Telnet are quite fragile, so more secure protocols should be used. Secure Shell (SSH) is a good choice. SSH establishes an encrypted channel between the local and remote hosts. Using IDS or IPS systems can improve detection. Using switches, security protocols such as SSH, and a more random initial sequence number will increase the difficulty of session hijacking.
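The two blocking methods named above (rejecting Internet packets that claim a local source address, and limiting incoming connections), sketched as an added example that is not part of the original page. The local prefixes, the per-source limit, the interface names and the sample connections are assumptions constructed for the illustration.

```python
import ipaddress
from collections import Counter

# Assumed site layout: prefixes that are only ever used inside the network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
MAX_CONNS_PER_SOURCE = 2  # assumed limit on incoming connections per source


def screen(connections):
    """Screen new incoming connections given as (interface, source_ip) pairs.

    Returns a list of (source_ip, verdict, reason) tuples; the "drop"
    entries are what a border filter would reject and an IDS would log.
    """
    open_conns = Counter()
    results = []
    for iface, src in connections:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            results.append((src, "drop", "malformed source address"))
            continue
        if iface == "external" and any(addr in net for net in LOCAL_NETS):
            # Arrived from the Internet but claims to be a local host.
            results.append((src, "drop", "local source on external interface"))
        elif open_conns[src] >= MAX_CONNS_PER_SOURCE:
            results.append((src, "drop", "connection limit reached"))
        else:
            open_conns[src] += 1
            results.append((src, "accept", "ok"))
    return results


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("external", "203.0.113.7"),
    ("external", "10.1.2.3"),      # spoofed: local address seen on external side
    ("internal", "10.1.2.3"),      # same address is fine on the inside
    ("external", "203.0.113.7"),
    ("external", "203.0.113.7"),   # third connection exceeds the limit
    ("external", "192.168.10.5"),  # spoofed
    ("external", "not-an-ip"),
]

if __name__ == "__main__":
    for src, verdict, reason in screen(SAMPLE):
        print(f"{src:15} {verdict:6} {reason}")
```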