It depends on your app and your deployment.
If you're clustering with session replication, binding non-serializable objects to session will prevent replication from working.
Also, if you need to be able to restart an application (or the container) without killing your users' sessions, this could cause a problem, as some containers (Tomcat for one) achieve this by serializing the whole session to disk when the app shuts down and then deserializing it when the app starts back up.
Also, if your container is storing session information in a database, it will need to be able to serialize them.
Why can't you implement Serializable?
What are you holding in these objects that can't be serialized?
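
The following is an added example, not part of the original answer. It imitates the round trip a container performs when it persists or replicates a session, using plain `java.io` on a map of attributes instead of the servlet API. The class names (`Connection`, `Cart`, `UserContext`) are hypothetical stand-ins.

```java
import java.io.*;
import java.util.*;

public class SessionSerializationCheck {
    // Constructed stand-in for a resource that cannot be serialized (hypothetical).
    static class Connection { }

    static class Cart implements Serializable {
        private static final long serialVersionUID = 1L;
        final List<String> items = new ArrayList<>();
    }

    // Serializable holder: the non-serializable resource is marked transient,
    // so it is skipped on write and re-created lazily after deserialization.
    static class UserContext implements Serializable {
        private static final long serialVersionUID = 1L;
        final String userId;
        private transient Connection conn;
        UserContext(String userId) { this.userId = userId; }
        Connection conn() { if (conn == null) conn = new Connection(); return conn; }
    }

    // Returns the names of attributes that fail a serialize/deserialize round trip.
    static List<String> findUnserializable(Map<String, Object> attrs) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<String, Object> e : attrs.entrySet()) {
            try {
                ByteArrayOutputStream buf = new ByteArrayOutputStream();
                try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
                    out.writeObject(e.getValue());
                }
                try (ObjectInputStream in = new ObjectInputStream(
                        new ByteArrayInputStream(buf.toByteArray()))) {
                    in.readObject();
                }
            } catch (IOException | ClassNotFoundException ex) {
                bad.add(e.getKey() + " (" + ex + ")");
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        Map<String, Object> attrs = new LinkedHashMap<>(); // constructed sample session
        attrs.put("cart", new Cart());
        attrs.put("rawConnection", new Connection());
        attrs.put("userContext", new UserContext("u-1001"));
        findUnserializable(attrs).forEach(System.out::println);
    }
}
```

Running the same check over the real session attributes in a test shows which bindings would break replication or restart persistence before deployment.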