ViewState is a hidden field in the current page and not shared with other users. Session is server memory unlocked by a key in a cookie which also belongs to the current user and is not shared. It sounds like you have a static variable which is shared by all web application users. I can't be absolutely sure since we cannot see the source code but what you describe can certainly be caused by a static variable.
I think you want to cache data by user. There are several approaches. The community needs to know more about your requirements and how the application is intended to work. Session and ViewState are solid approaches depending on your needs. ViewState exists only on the current page and persists between post backs. Refreshing the page from the address bar or following a link will clear ViewState. Session stays with the user as long the users Session has not expired.
Another option is page caching which is covered on the docs. You get to control how pages are cached which if you are not careful can leak into another user's context.