I hope someone out there has some update to date information on sessions and their IDs.
I'm running on IIS 7 and we're seeing Sessions assigned to more than 1 IP address.
I ruled out the possibility of it being caused by users resetting their IP addresses, for instance by unplugging their modems.
In at least one instance a user logged in and found data from a different user in had been saved to his account (the user IDs that determine in which account the data is stored are kept in session variables). In another instance an employee logged in to check a problem as was given the session of a different user.
It's not just the session variables, but I saw in our log the session ID itself is being associated with two different IP addresses. At one point this was happening with over 10% of our users.
I'm wondering if the problem is not in our system, because I'm seeing that in each case the IPs sharing a session ID are on the same ISP or share at least one NameServer.
I very much welcome any ideas, we're getting desperate!