Most commercial application servers support some sort of HttpSession failover functionality. The details of how this is done vary between severs and the load-balancing strategy/product used.
Basically, when a session object is created it is given an ID and saved a table in a database. When the balancer identifies a failure, if goes to the database and gets the session object and sends it to the second server. There are various design strategies for this behavior, i.e. memory-based replication.