I would like to comment on the SQL here. As has been suggested already and you replied, you should use placeholders to avoid SQL Injection, and to allows the database to reuse the same statement.
It looks as if you are looking for year and month, if so, unless you are required to pass those dates, you should create them on the fly, especially because of leap years adding an extra day to February.
Anyway, the issue here is likely that the values are not being changed into DATEs. Let me explain, because a lot of people misunderstand how dates work in databases. A database stores dates in an internal format which is not available to the user. Instead, every time a date is input or output, it is formatted from or to text (or any other type you specify). That is, you input text and ask the rdbms to turn it into a database-date for you via a function, and when you output a date, you ask the rdbms to turn it into text for you. Both of these can always be done explicitly, though at times it is done implicitly. There are usually default date formats and rdbms-specific functions to do these actions for you. OTOH, you can usually use the ANSI date, by predicating the date string with DATE, as long as you only specify the year, month, and date. Also, while the the date can be turned into a string for comparison, this is redundant, and can lead to calculation errors, so it is best to leave it as a date.
As i would rewrite the statement as follows, using something like TIMESTAMP:
SELECT DISTINCT Fid_Cust FROM Session WHERE Dat_End BETWEEN TIMESTAMP(?) AND TIMESTAMP(?)";