Implementing SessionAware is the best way to get access to the session, and makes testing easier.
If you're getting session "crosstalk" then it's nearly certain you're doing something wrong; without code (and possibly configs) it's impossible to help.