Web Server Session-Based Caching Security Issue?

I am wondering if what I’m doing is a good practice. Please advise. Thanks.

My web application server caches generated chart images for users to enhance performance. The images are stored in session-based folders, where the folder name is generated. Let’s say user1 plotted a chart and is cached on the server here: webapp\sessionFolder\aklfq13d10jd10\image.jpg

I disabled IIS7 directory browsing. But I find that other users of the system, can access the image too, if they input the full url. But they’re not supposed to see it as it is cached for user1.

How can I avoid such illegal accesses? Or is there a better practice to implement such web caching?

Thank you!