Is working with the Session thread-safe?

Question

Consider a user making multiple requests at the same time, do I have to lock all code that works with the Session?

If for example I have the following scenario, where in

Answer 1

As always, the answer depends on what you mean by "safety." In ASP .NET, each request gets exclusive access to its session state. This means that you don't have to worry about synchronizing access within the scope of a single request. If Session["user"] is non-null, then it will be non-null for the entire duration of the current request. In your example, request 1 will never throw a null reference exception.