Is it possible that User Session States might overlap, resulting in one user reading the session state of another one

We have a web appliact开发者_运维知识库ion where we are nonintoxicating users in a log in form, after log in, we are keeping the user info ( user info, user id, ...) in a session state, now under pressure, sometimes and very rarely we get from clients that they are logging in with their user name, but after login they found themselves with some boy else's name, and reading their data, as if they are reading other user's session. Could this be the issue?

The only way I could see that happening is if they somehow shared the same session ID, which would probably only happen if you're managing session state in SQL server. If you're using standard InProc session state, that would be highly unlikely.