
Hijacking ASP.NET Sessions


So, you want to be able to access another user’s session state from the session id, right? Well, I don’t know if you should, but you definitely can do that!

Here is an extension method for that purpose. It uses a bit of reflection, which means it may not work with future versions of .NET (I tested it with .NET 4.0/4.5).

    using System;
    using System.Reflection;
    using System.Web;
    using System.Web.SessionState;

    public static class HttpApplicationExtensions
    {
        // Private field of SessionStateModule that holds the configured session store provider
        private static readonly FieldInfo storeField = typeof(SessionStateModule).GetField("_store", BindingFlags.NonPublic | BindingFlags.Instance);

        public static ISessionStateItemCollection GetSessionById(this HttpApplication app, String sessionId)
        {
            // The session module is registered under the name "Session"
            var module = app.Modules["Session"] as SessionStateModule;

            if (module == null)
            {
                return (null);
            }

            // Read the private store provider through reflection
            var provider = storeField.GetValue(module) as SessionStateStoreProviderBase;

            if (provider == null)
            {
                return (null);
            }

            Boolean locked;
            TimeSpan lockAge;
            Object lockId;
            SessionStateActions actions;

            // Load the session data stored under the given id
            var data = provider.GetItem(HttpContext.Current, sessionId.Trim(), out locked, out lockAge, out lockId, out actions);

            if (data == null)
            {
                return (null);
            }

            return (data.Items);
        }
    }

As you can see, it extends the HttpApplication class; that is because we need to access the modules collection to get the Session module.

Use with care!
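One way to use it with care, as an added example that is not part of the original post: a diagnostic handler that calls `GetSessionById` only for authenticated operators, validates the id, audits the lookup and returns key names and value types instead of values. The handler name, the `SessionAdmin` role and the `sid` form field are assumptions, and `SessionIDManager.Validate` is assumed to match the application's id format (the default manager is used here).

```csharp
using System;
using System.Diagnostics;
using System.Web;
using System.Web.SessionState;

// Hypothetical admin-only handler; name, role and form field are assumptions.
public sealed class SessionInspectorHandler : IHttpHandler
{
    private static readonly SessionIDManager idManager = new SessionIDManager();

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        // A session id is a bearer secret: accept it only in a POST body from
        // an authenticated operator, never in a URL that ends up in logs.
        if (context.Request.HttpMethod != "POST" || !context.Request.IsAuthenticated
            || !context.User.IsInRole("SessionAdmin"))
        {
            context.Response.StatusCode = 403;
            return;
        }

        var sessionId = (context.Request.Form["sid"] ?? String.Empty).Trim();

        // Reject anything that is not shaped like a framework-issued id.
        if (!idManager.Validate(sessionId))
        {
            context.Response.StatusCode = 400;
            return;
        }

        // Audit who looked, without writing the id itself to the log.
        Trace.TraceWarning("Session inspection by {0} from {1}",
            context.User.Identity.Name, context.Request.UserHostAddress);

        var items = context.ApplicationInstance.GetSessionById(sessionId);
        if (items == null)
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "text/plain";
        foreach (String key in items.Keys)
        {
            // Key and value type only; the values may hold another user's data.
            var value = items[key];
            context.Response.Write(key + ": " + (value == null ? "null" : value.GetType().FullName) + "\n");
        }
    }
}
```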

