It sounds like you're using an in process session state in a web gardening environment.
When you publish your website to a server, it runs within an application pool. This application pool will have multiple worker processes. Each worker process is ignorant of each of the other worker processes.
So if you're using an in process session state (Or assigning state data to static variables) you're not guaranteed/are unlikely to get the same process with a subsequence request. The next request will have a worker process for which none of the authentication values have been set.
You need to switch to an out of process session state. This means each of the worker processes has access to the same session data. So it doesn't matter which worker process serves the subsequent request.
Read the following article which covers the different state services. I'd suggest using the "StateServer" mode.
ASP.NET Session State Overview[
^]
You can easily test this by tuning your application pool to use just worker process. Although I wouldn't suggest this as a solution for a production environment.