Multiple users assigned same session ID at once

Question

I'm seeing multiple users logging in to my .NET 3.5 web application and sharing the same session ID. This appears to be happening most often when users are on different computers on the same network, but it appears to be happening between users on different networks as well. My users are logging in within a minute of each other and getting the same session ID. Consequently, user B is seeing user A's data.

We are using multiple worker processes on the Server 2003 R2 box. Session AND viewstate are stored in SQL Server. Session is set up to use cookies, not URL, to store the ID.

This question is similar to these questions, but neither matches my scenario:

This one turned out to be a false report

This one used IIS7 <--It particularly looks like this one, but I'm on IIS 6, which does NOT use dynamic output caching, right?

Why is my application assigning the same session ID to different machines? How can I stop it from happening?

Edit: I am highly skeptical that session is the culprit, but I am being outweighed by my colleagues. It is more likely that there is a code problem, but I can't explain why the session IDs that we are logging are identical. Yes, there could be a problem with the logging code, but that wouldn't explain why user B is getting user A's stored session data.

Answer 1

Do you have any code that is static (shared in vb.net). This could cause the problem. Also, Session is not truly initialized until something is actually stored in session.