getsessionid: don't ever return while locked

Also, check for the session sharing bit instead of comparing pointers