Chapter 17. What Is a Logon Session?

Logon sessions have never gotten much coverage in Windows documentation, but understanding them can help you get a better feel for how Windows works under the hood. A logon session is a data structure maintained by the kernel that represents an instance of a principal on a machine. It's where network credentials like your cached Kerberos tickets and the associated keys are stored (Item 59). Each token points to a single logon session, so ultimately each process is associated with a single logon session via its token, as shown in Figure 17.1.


Figure 17.1. Processes are linked to logon sessions via tokens.
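The token-to-logon-session link can be read straight from a token. The following C# sketch is an added example, not code from the book: it asks the current process token for its `TOKEN_STATISTICS` and prints the `AuthenticationId`, which is the LUID of the logon session the token points to. The class name `LogonSessionOfToken` is an assumption made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class LogonSessionOfToken   // hypothetical name, for illustration only
{
    [StructLayout(LayoutKind.Sequential)]
    struct LUID { public uint LowPart; public int HighPart; }

    // Managed mirror of the Win32 TOKEN_STATISTICS structure.
    [StructLayout(LayoutKind.Sequential)]
    struct TOKEN_STATISTICS
    {
        public LUID TokenId;            // identifies this token instance
        public LUID AuthenticationId;   // identifies the logon session
        public long ExpirationTime;
        public int TokenType;           // 1 = primary, 2 = impersonation
        public int ImpersonationLevel;
        public uint DynamicCharged, DynamicAvailable, GroupCount, PrivilegeCount;
        public LUID ModifiedId;
    }

    const int TokenStatistics = 10;     // TOKEN_INFORMATION_CLASS value

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out TOKEN_STATISTICS info, int length, out int returnLength);

    static void Main()
    {
        // WindowsIdentity.GetCurrent() wraps the token of the calling thread
        // or, when the thread is not impersonating, of the process.
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            TOKEN_STATISTICS stats;
            int returned;
            if (!GetTokenInformation(id.Token, TokenStatistics, out stats,
                    Marshal.SizeOf(typeof(TOKEN_STATISTICS)), out returned))
                throw new Win32Exception(Marshal.GetLastWin32Error());

            Console.WriteLine("Principal:     {0}", id.Name);
            Console.WriteLine("Token id:      {0:x}:{1:x8}",
                stats.TokenId.HighPart, stats.TokenId.LowPart);
            Console.WriteLine("Logon session: {0:x}:{1:x8}",
                stats.AuthenticationId.HighPart, stats.AuthenticationId.LowPart);
        }
    }
}
```

Two processes started in the same interactive logon print different token ids but the same logon session LUID, which is the value `klist` reports as the current LogonId when listing cached Kerberos tickets.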

A new ...
