Chapter 17. What Is a Logon Session?

Logon sessions have never gotten much coverage in Windows documentation, but understanding them can help you get a better feel for how Windows works under the hood. A logon session is a data structure maintained by the kernel that represents an instance of a principal on a machine. It's where network credentials like your cached Kerberos tickets and the associated keys are stored (Item 59). Each token points to a single logon session, so ultimately each process is associated with a single logon session via its token, as shown in Figure 17.1.

Figure 17.1. Processes are linked to logon sessions via tokens.
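
The token-to-session link described above can be read directly from a token. This is an added example, not code from the book: it asks Windows for the token's `TOKEN_STATISTICS` and reports its `AuthenticationId`, the LUID of the logon session the token points to. The class and method names (`LogonSessionDemo`, `GetLogonSessionId`) are made up for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class LogonSessionDemo   // hypothetical name, for illustration only
{
    [StructLayout(LayoutKind.Sequential)]
    struct LUID { public uint LowPart; public int HighPart; }

    // Mirrors the Win32 TOKEN_STATISTICS layout.
    [StructLayout(LayoutKind.Sequential)]
    struct TOKEN_STATISTICS
    {
        public LUID TokenId;            // identifies this token instance
        public LUID AuthenticationId;   // identifies the logon session the token points to
        public long ExpirationTime;
        public int TokenType;           // 1 = primary, 2 = impersonation
        public int ImpersonationLevel;
        public uint DynamicCharged, DynamicAvailable, GroupCount, PrivilegeCount;
        public LUID ModifiedId;
    }

    const int TokenStatistics = 10;     // TOKEN_INFORMATION_CLASS value

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out TOKEN_STATISTICS info, int length, out int returnLength);

    // Returns the logon session ID (a LUID) for a token handle opened with TOKEN_QUERY.
    static ulong GetLogonSessionId(IntPtr token)
    {
        if (!GetTokenInformation(token, TokenStatistics, out TOKEN_STATISTICS stats,
                Marshal.SizeOf(typeof(TOKEN_STATISTICS)), out _))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        LUID id = stats.AuthenticationId;
        return ((ulong)(uint)id.HighPart << 32) | id.LowPart;
    }

    static void Main()
    {
        // GetCurrent() wraps the thread's impersonation token if there is one,
        // otherwise the process token.
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            ulong session = GetLogonSessionId(identity.Token);
            Console.WriteLine("{0} -> logon session 0x{1:x}", identity.Name, session);
        }
    }
}
```

The printed value is the same identifier that appears as the Logon ID in Security event 4624, so it can be used to tie a running process back to the logon that created its session.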

A new ...

Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.