Application vs. Session Layer of OSI Model [closed]
I'm unsure if SO is the best place for this question, but here goes:
Are login & logout procedures part of the Session layer or the Application Layer of the OSI model?
Wikipedia says:
The Session Layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e. a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications.
I'm not clear about whether a session encompasses the complete login/logout process (e.g., when I access my email account).
As far as I managed to grok the meaning of these two layers in the context of my question, I believe the application layer is responsible for managing the authentication & authorization that forms part of login procedures.
Please confirm my suspicions or repudiate with appropriate reasons.
The OSI model is a theoretical reference model (aka not the real thing)
When comparing the TCP/IP stack against the OSI model, you will see that the OSI Session layer is cut in half: half goes to the TCP and the other half goes to the application.
Conclusion: for the OSI model, login is part of the session layer, but for TCP/IP, login goes to the application layer.
See Wikipedia on the differences between OSI and TCP/IP.
Yes, I believe you are correct. That is, in the OSI model, I agree that the concept of "login/logout" could be considered part of the session layer. It certainly doesn't seem to fall into presentation, and application is far too high-level. Application would be concerned with managing the login/logout procedures (such as prompting the user for the login, saving credentials/cookies, etc.) And it certainly doesn't fall into L4; a TCP connection is an L4 concept, and a login/logout "session" can span multiple TCP sessions.
For what it's worth, those of us who have worked on networking devices (unless you're working on an application-aware proxy server/WAN optimizer or similar) tend to only think in terms of layers 1-4 (maybe part of L5 if you are working on TCP). The rest of the OSI layers tend to blend together, which is why the TCP/IP model collapses them into one. Those layers are more in the domain of application developers than network engineers.
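Added example, not part of the answers on this page: a minimal local HTTP server showing that a login "session" spans several TCP connections and ends only when the server discards its state at logout. The `/login`, `/whoami` and `/logout` paths, the `sid` cookie and the user `alice` are constructed for illustration, and the credential check is omitted.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # token -> user: login state kept by the application, not by TCP

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.0"  # no keep-alive: one TCP connection per request
    connections = 0                # TCP connections accepted so far

    def setup(self):               # runs once per accepted TCP connection
        super().setup()
        Handler.connections += 1

    def do_GET(self):
        token = (self.headers.get("Cookie") or "").partition("sid=")[2]
        if self.path == "/login":  # constructed user; credential check omitted
            token = secrets.token_hex(16)
            SESSIONS[token] = "alice"
        elif self.path == "/logout":
            SESSIONS.pop(token, None)  # logout = server forgets the token
        body = f"{SESSIONS.get(token, 'anonymous')} conn={Handler.connections}".encode()
        self.send_response(200)
        if self.path == "/login":
            self.send_header("Set-Cookie", f"sid={token}")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def request(port, path, cookie=None):
    """Send one GET on a brand-new TCP connection; return (body, Set-Cookie)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    result = resp.read().decode(), resp.getheader("Set-Cookie")
    conn.close()
    return result

def demo():
    with HTTPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        _, cookie = request(port, "/login")                               # connection 1
        during = [request(port, "/whoami", cookie)[0] for _ in range(2)]  # connections 2, 3
        request(port, "/logout", cookie)                                  # connection 4
        after = request(port, "/whoami", cookie)[0]                       # connection 5
        server.shutdown()
    return during, after
```

Calling `demo()` returns the user seen on each connection while logged in and after logout; closing a TCP connection never ends the login, only the server-side removal of the token does.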
The semantic meaning of what is meant by the term logon and logoff could determine the layers involved.
It is possible to take 'logon' to mean 'connect' without including authentication or encryption. Literally - 'logon', I connected... 'logoff', I disconnected.
So while authentication happens inside the application layer (e.g. HTTP name and password) and then the presentation layer takes the name and password and encrypts them to keep them secret, the session layer is where the first literal logon - a.k.a. connection - (and before authentication takes place) happens.
So 'logon' in this example means 'connect' and should not be confused with "website login" or "windows logon", for which these latter two would involve authentication (at application layer) and - sensibly - encryption (at the presentation layer).
However, to take a real life example, TLS incorporates technologies that would be expected from presentation and application layers and uses them to fashion an encrypted connection that would normally exist at the session layer. It is a pseudo Session layer protocol. As such, I would use TLS as an example of how the OSI model is a theoretical guide and frequently cannot be applied to real world scenarios.