Why do you think it’s not matching the incoming ss-id/ss-pid? It uses these session ids to retrieve the Users Session from the ICacheClient.
You can try doing what ServiceStack does so you can debug and see why it’s getting the UserSession it’s getting. Instead of using the built-in [Authenticate] attribute, use a local modified copy of AuthenticateAttribute so you can debug it.
Otherwise try calling IRequest.GetSession() from a Request Filter or Service to see the UserSession that ServiceStack retrieves that request. This is the implementation of GetSession().
If you want to be able to debug the entire Request pipeline you could also clone the ServiceStack repo and have your project reference debug builds of ServiceStack.dll. The master version includes v5 changes, so you may want to use the source code release for your version instead.