What's lacking in this session management technique?
Whenever we need to put something in session, we do:
And whenever we need to get from session:
Say 1000 users are hitting the site at the same time and same piece of code is getting executed for all 1000 users (requests) - they are doing the same thing. Now this code will be executed in 1000 threads - since request object is different for all 1000 threads, session object will also be different and there will not be any "clash" between users - and they will never access others' information.
Please let me know if my assumptions are not correct.