When used outside stored routines, SESSION_USER, USER, and CURRENT_USER all return the authorization identifier of the user that created the SQL session.
SESSION_USER also always returns this value when used within stored routines.
If used within a stored routine created with EXTERNAL SECURITY DEFINER, however, USER and CURRENT_USER return the authorization identifier of the user that owns the schema of the routine. This is usually the creating user, although the database owner could be the creator as well.
For information about definer's and invoker's rights, see CREATE PROCEDURE statement or CREATE FUNCTION statement.
SESSION_USER
VALUES SESSION_USER