fwiw, we log both the session id and the address of the web api for that session in a database (also datetime, user login name, etc). Also log the datetime when they log OUT so we have an idea how many users are in the system at any one time.
That allows you to check things faster/more easily for a specific session since you don't have to look for it over several webapi servers.
You may still need to check all of them if you are looking in aggregate.
This logging approach provides the server addresses of all in use webapi servers - allowing you to use tools that automatically spin up (scale) the webapi servers. this way you can check each server without knowing (hard coding) webapi server addresses.