Layer 5: Session
The Session Layer establishes, manages, and terminates sessions between applications.
Key Points
- Manages dialogue control between devices
- Establishes, maintains, and ends sessions
- Provides synchronization points for long data transfers
- Handles authentication and authorization
- Implements session checkpointing and recovery
- Coordinates communication between applications
RFC References
Attacks
Session Fixation: Exploiting weak session management to force a user to use a specific session ID, potentially allowing an attacker to hijack the session.
Cross-Site Request Forgery (CSRF): Tricking a user into performing unwanted actions on a web application where they're authenticated.
Man-in-the-Middle (MitM): Intercepting and potentially altering communications between two parties who believe they are directly communicating with each other.
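
The standard defence against Session Fixation is to issue a new session ID at the moment of authentication. The sketch below is an added example, not code from this page; the SessionStore class and its method names are hypothetical. It contrasts a login handler that keeps the pre-login ID with one that rotates it.

```python
import secrets


class SessionStore:
    """In-memory session table (constructed for this example): session ID -> data."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Server-generated, unpredictable ID; the client never chooses it.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_vulnerable(self, sid, user):
        # Weak: the pre-login ID survives authentication, and an unknown
        # client-supplied ID is adopted instead of rejected.
        if sid not in self._sessions:
            self._sessions[sid] = {"user": None}
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        # Hardened: invalidate the pre-login session and bind the user
        # to a freshly generated ID.
        self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid


def fixed_id_is_authenticated(login_name):
    """True if an ID that was known before login is authenticated afterwards."""
    store = SessionStore()
    pre_login_sid = store.create()  # ID known to a third party before login
    getattr(store, login_name)(pre_login_sid, "alice")
    session = store.get(pre_login_sid)
    return session is not None and session["user"] == "alice"


if __name__ == "__main__":
    for name in ("login_vulnerable", "login_hardened"):
        print(name, "-> pre-login ID still valid:", fixed_id_is_authenticated(name))
```

With rotation in place, an ID fixed before login refers to no session once the user authenticates.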