I learnt something today. ASP.NET sessions are dangerous. I would be very wary of using ASP.NET for web development and I’d at least disable the Session State.
I learnt that if a browser sends two requests to an ASP.NET website and if both of them belong to the same session (have the same SessionID) then ASP.NET will not execute them concurrently. The second request is executed only after the first one is done executing. For more information, check out the section called Concurrent Requests and Session State. This essentially makes your application single threaded for a given session.