What "sessions" are on Windows NT

You've come to this page because you've asked a question similar to the following:

What is a "session" on Windows NT? Is it a login session?

This is the Frequently Given Answer to such questions.

The use of the term "session" on Windows NT is confusing. On other operating systems, the concept of a "session" is related to that of a "login session". On Unix and Linux, for example, when one has logged in using the TUI login program, a "session" is a "login session".[1] On Windows NT, it is not.

The notion of a "session" arose from the introduction of Terminal Services to Windows NT. Terminal Services allows a remote machine to act as a secondary graphical "terminal" to a Windows NT system[2], allowing multiple users to interact with a single machine simultaneously.[3]

Unfortunately, whilst the security part of Windows NT had been designed to support multiple users, much of the design of the rest of the system had wrongly assumed that there would only ever be one user interacting with the system at any given time. Many inter-process communication objects used by system processes, by the desktop user interface, and by subsystems such as the Win32 subsystem, had been assigned global names.

Terminal Services broke this assumption quite drastically. Therefore a new concept was introduced, that of a "session". On Windows NT a "session" is a way of partially virtualizing the operating system kernel. Changes to the Object Manager in the kernel allow programs to continue to use the old global names for things, whilst assigning them per-session names under the covers. So the CSRSS can continue to use the name "\BaseNamedObjects\CsrStartEvent" for an event object, and the kernel's Object Manager ensures that for (say) session 3 the actual name used under the covers for that event object is "\Sessions\3\BaseNamedObjects\CsrStartEvent".
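The per-session renaming described above, as an added C model that is not code from the original page or from Windows itself. It goes slightly beyond the text by also handling the Win32 "Global\" and "Local\" name prefixes and session 0, whose names stay directly under "\BaseNamedObjects"; the function names nt_object_path and same_object are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added model of the per-session naming described above; not Windows source.
 * Maps a Win32 object name, as seen from a process in `session`, to the
 * Object Manager path it resolves to. Returns 0 on success, -1 on error. */
int nt_object_path(unsigned session, const char *name, char *out, size_t outlen)
{
    int global = 0, n;

    /* Explicit namespace prefixes (matched exactly; a simplification). */
    if (strncmp(name, "Global\\", 7) == 0) {
        global = 1;
        name += 7;
    } else if (strncmp(name, "Local\\", 6) == 0) {
        name += 6;
    }
    /* After the prefix, a name may not be empty or contain a backslash. */
    if (*name == '\0' || strchr(name, '\\') != NULL)
        return -1;

    /* Session 0 has no private directory: its names live in the global one. */
    if (global || session == 0)
        n = snprintf(out, outlen, "\\BaseNamedObjects\\%s", name);
    else
        n = snprintf(out, outlen, "\\Sessions\\%u\\BaseNamedObjects\\%s", session, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* 1 if both (session, name) pairs resolve to the same object path, else 0. */
int same_object(unsigned s1, const char *n1, unsigned s2, const char *n2)
{
    char a[512], b[512];
    if (nt_object_path(s1, n1, a, sizeof a) != 0 ||
        nt_object_path(s2, n2, b, sizeof b) != 0)
        return 0;
    return strcmp(a, b) == 0;
}

int main(void)
{
    char path[512];
    if (nt_object_path(3, "CsrStartEvent", path, sizeof path) == 0)
        printf("session 3: %s\n", path);
    printf("sessions 3 and 4 share it? %d\n", same_object(3, "CsrStartEvent", 4, "CsrStartEvent"));
    return 0;
}
```

The same unprefixed name in two different sessions resolves to two different objects, which is why a service in session 0 and a program in an interactive session only meet on a named object when the name carries the "Global\" prefix.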

Because this mechanism was introduced to support multiple users logging in to the system simultaneously via Terminal Services, the name "session" was used for it, on the mistaken grounds that it mapped onto the concept of a login session. But it does not. With Terminal Services (and indeed with Fast User Switching), users can log in and log out arbitrarily within the same "session". A single "session" can comprise an arbitrary number of login sessions. The two concepts are not the same.

A "session" is simply a bodge added to the kernel's Object Manager to fix a broken DOS Think assumption made by a lot of code on the rest of the system. It provides a partial virtualization of the Object Manager's namespace.

Windows NT has two other mechanisms that are closely related to "sessions":

  1. Strictly speaking: On Unix and Linux a "session" is a collection of process groups that is managed by a "session leader". It is a kernel concept. Whereas the concept of a "login session" is an application concept, which the kernel is wholly ignorant of. When one has logged in using the TUI login program, one's initial shell process is set up as a session leader by the login program, all process groups belong to the same session, and the "login session" is effectively synonymous with the "session" managed by one's initial shell. When one has logged in via the GUI login program, however, the concept of a "login session" is unrelated to any kernel "session"s, and is instead denoted by the lifetime of one, selected, graphical program (usually one's graphical desktop user interface program). The kernel concept of "sessions" is not used by GUI login programs.

  2. A "terminal" in Terminal Services is more akin to a remote X Window System server in Unix/Linux than it is to a Unix/Linux "terminal". Once again, the terminology does not align.

  3. Terminal Services provides remote terminals. It does not provide "multi-head" support, where multiple display adapters, mice, and keyboards can be attached to a single physical machine and assigned to multiple "heads", i.e. physical stations where individual interactive users have their own individual collections of input and display devices. Windows NT does not yet have proper multi-head support. Multiple users can be logged in simultaneously, but "Fast User Switching" only allows multiple users to share one single "head" by switching it amongst them. They cannot interact with the system simultaneously using their own individual input and display devices, via multiple "heads".

© Copyright 2006,2008,2012 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp is preserved.