OPERATOR REFERENCE · LAYER 5

Layer 5 Field Reference
Sessions & Dialog Control

establish → maintain → synchronize → terminate — the layer that remembers "who you are, mid-conversation"
CLIENT · login request
session established
SERVER · session store
timeout / logout
SESSION TERMINATED

A note on scope: in the classic OSI model, Layer 5 handles session setup, dialog control, and synchronization. In the TCP/IP stack most networks actually run, that job is absorbed into the application layer (cookies, session tokens, RPC binds, SIP dialogs) — so this sheet covers the real-world mechanisms that do session-layer work today, not command output from a router.

01 What the Session Layer Does
+

Session Establishment

Negotiates and opens a logical session between two applications — separate from, and on top of, the underlying transport connection.

Session Maintenance

Keeps track of session state across multiple requests/exchanges — even if the underlying TCP connection is closed and reopened.

Session Termination

Graceful teardown (logout, BYE, session expiry) or abrupt end (timeout, crash, forced revoke).

02 Dialog Control

Simplex

One direction only — e.g. a syslog feed or a broadcast stream with no return channel.

Half-Duplex

Both directions possible, but only one talks at a time — e.g. classic request/response turn-taking.

Full-Duplex

Both sides send simultaneously — e.g. an active voice call, or a WebSocket session.

03 Synchronization & Checkpointing

Checkpoints

The session layer can insert checkpoints into a long-running exchange (e.g. a large file transfer). If the session drops, it resumes from the last checkpoint instead of restarting from zero — the same idea behind HTTP Range requests and resumable uploads.

04 Real-World Session-Layer Mechanisms
MechanismRole
NetBIOS Session ServiceEstablishes a named session between two hosts before SMB file/print sharing begins
RPC (Remote Procedure Call)Binds a client to a remote service instance, maintains call context across requests
SIPSets up, modifies, and tears down real-time voice/video sessions (dialogs)
SOCKSProxy-layer session negotiation between a client and a relay server
NFS session stateTracks open file handles and locks across a mount session
PPTP control sessionManages a VPN tunnel's control channel separately from the data tunnel
Web application sessionsCookie/token-based state tying a browser to a logged-in server-side session
05 SIP Session Setup (Voice/Video Call)
CALLER CALLEE INVITE 100 Trying 180 Ringing 200 OK ACK — media session active later: BYE / 200 OK ends the dialog
06 Web Application Sessions
🍪

Server-Side Session + Cookie

  • Server creates a session record, keyed by a random session ID
  • Session ID sent to browser as a cookie
  • Browser resends the cookie on every request
  • Server looks up state on each request
State lives on the server — easy to revoke instantly.
🔑

Token-Based (JWT)

  • Server issues a signed token containing session claims
  • Client stores and attaches it (header or cookie)
  • Server verifies the signature — no lookup needed
State lives on the client — scales easily, but revocation before expiry is harder.
07 TLS Session Resumption
ID

Session ID

Server caches session parameters keyed by an ID; on reconnect, client presents the ID to skip a full handshake.

TK

Session Tickets

Server encrypts session state into a ticket handed to the client — no server-side cache needed, easier to scale across load-balanced servers.

08 What Happens — A User Logs In & Stays Logged In
1

Credentials submitted

User submits username/password over an existing TCP+TLS connection. This is application-layer data — the session layer hasn't acted yet.

Pre-session
2

Server authenticates and creates session state

On success, the server generates a session record (or signs a token) representing "this user is logged in," independent of any single TCP connection.

Session establishment
3

Session identifier handed to the client

Sent back as a cookie or token. The client will present this on every subsequent request — this identifier is what ties disconnected HTTP requests into one continuous session.

Identifier issuance
4

Each new request re-attaches to the same session

Even though the underlying TCP connection may open and close repeatedly, the session layer's job is making each request "remember" who the user is by validating the session ID/token.

Session maintenance
5

Idle timeout or explicit logout

Server expires the session after inactivity, or the user logs out explicitly — either way the session record is invalidated (or the token's expiry passes).

Session termination
6

Next request is unauthenticated again

Any further request with the old session ID/token is rejected — the user must re-establish a session (log in again) before continuing.

Post-session
09 Common Session-Layer Issues
SymptomLikely Cause
User randomly logged outSession timeout too short, or sticky-session load balancer routing to a different server without shared session store
Session hijackingSession ID stolen via XSS, unsecured cookie (missing Secure/HttpOnly flags), or predictable session IDs
Session fixationServer accepts a session ID the attacker already knows, instead of issuing a fresh one at login
Call drops mid-conversation (SIP)Session refresh/re-INVITE failing, NAT timeout on the signaling path
Session lost across serversNo shared/centralized session store in a multi-server deployment
MitigationPractice
Cookie hardeningSecure, HttpOnly, SameSite flags
Session ID strengthCryptographically random, high entropy
Regenerate on privilege changeNew session ID issued after login/privilege escalation
Centralized session storeRedis/DB-backed sessions shared across servers
Explicit expiryIdle timeout + absolute max session lifetime