You did not share the code to set the value for the session variable. Did you do this?
Session["user"] = new User();
If you did this before getting the value, only then you can get the value back from the session. This is exactly why it is recommended to use a conditional-block around the statements where you try to get the values. Also, Session variables can be removed programmatically, make sure your application is not refreshing the variables. If it is, please remove those statements.
Session.Clear()
etc. such functions are meant to clear the values once they are no longer needed,
before the session expires.
For more discussion and overviews please read:
ASP.NET Session State Overview[
^]
HttpContext.Session Property (System.Web)[
^]
.net - C# Clear Session - Stack Overflow[
^]