The issue of sharing session data between applications is a complex one. I have dealt with it when implementing my framework Shipka JDF, because I wanted to provide such functionality. The framework comes with sample applications demonstrating how do that. The solution is based on the following design. You have a main application that intends to integrate the functionality of another application that is deployed separately. Within the main application you create a presentation component that is mapped to the integrated application. By doing this you will access the integrated application through the main application (using the main application authentication capabilities). The integration capabilities also enables the main application to intercept events within the integrated application and take the control back. Let say that the main application is an order entry system and integrated application implementes payment functionality. Within the order workflow you get to the point when the user needs to pay for the items. You invoke integrated application and intercept the event when the user confirms the payment. At that point you want to get the control back to the order entry application, so you can continue with that workflow. You also want to get the payment object that is stored at the user session of integrated payment application, so you can save it when the order is submitted.
Shipka JDF allows you to do that. The only downside is that both applications need to be implemented using Shipka JDF architecture, since it does a lot of work to make it happen. It also ensures that the user session of the integrated application does not expire unless the main application user session expires.
Hope that helps.