Session layer is the fifth layer in the ISO OSI layer hierarchy. Session layer establishes, manages and terminates connections between various applications. The session acts as a coordinator between applications helping them to communicate. In short, the session layer controls dialogues and conversations between applications at each end.

The session layers however suffers from many vulnerabilites. One of the most major limitations is weak authentication mechanisms. Since sessions layer hooks up two applications, session credentials such as user id, password have to be exchanges. Lack of encryption can make this vulnerable to interception. Also, if session idenfications. Some of the other vulnerabilities of the session layer include failed authentication attempts, spoofing and hijacking.

Encrypted password exchange, specific account expiration, strong session identification and limiting failed login attempts via timing mechanism are some controls which ensure better security in the session layer.

More on ISO OSI Layers >>

Layer 6 Presentation Layer , Layer 7 Application Layer