This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
I normally wouldn't store sessions in the DB, I'd keep them on the app server (or whatever kind of server it is that runs the repository system). A session is really just a glorified Map for each user. Assuming that there are persistent socket connections for each client, the server would effectively keep a Map<Socket, Map<String,Object>> where all session maps are stored with the socket as the key to retrieve them.
What do you mean by a "non-web environment"? If the user is running an app there's no reason to keep session information--it's not a series of disconnected HTTP requests.