An enterprise EJB application must be designed to support various types of client, e.g. web, Swing, web service, EJB. For such an app, I would say that conversational state should usually be maintained in the business logic layer using stateful session beans. (Another alternative is to store state in the DB, which is secure but slow.) And if you store state in the web tier, this will result in duplicate data storage for the web clients.
For one reason, if you want to use the bean services through some other means, say WAP, you need statefulness of the beans.
From a professional/business point of view, the web layer and the business layer should be decoupled as loosely as possible in design. Beans are business objects and such an object, where necessary, should maintain state. When we design the workflow, we design to requirements and not to technology.
It is up to us to strike a deal, judiciously, of course, whether we can maintain state using HttpSession or EJBs, though both give us options.