Tomcat has a management
EJB (an exception to to Tomcat's lack of support for EJBs). Whether it exposes session details, I don't know unless I RTFM.
I hope not, however, since that would be horribly exploitable view into people's web sessions.
The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.
You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.