Your services and/or repositories must be configured PerWebRequest if they
are using ISession. Otherwise, they'll not get recreated with different
sessions (i.e. they will get created once, on the first time a controller
that uses them is resolved and never recreated with the new sessions).
Since your validators use repositories to access data, they then also need
to be PerWebRequest. Given the cost you mention that it takes to create
them, you'll need to rethink something. One way to fix the problem is to
make the repository dependency come in through a parameter to the Validator
objects, so that it can be supplied dynamically. Another way would be to
extract the costly part of the validator into a singleton service that is
used by the validators, and allow the validators to be created
PerWebRequest, with the expensive part being singletons.
As you mentioned in your message, IDisposable is a problem too, where you
need things with IDisposable to have "similar" lifetimes to their users.
Another approach might be to have a "SessionProvider" or "SessionAccessor"
that is a factory-like object that provides the session from the container
by doing a container.Resolve<ISession>(). On the first call for a web
request, this should create the session, and on later calls, it should
return the same session already created. Unfortunately, you'll have to
figure out how to do the container.Release() that goes with the Resolve, or
else you'll have a memory leak. Hopefully someone else will give some more