This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
SOAP specifically does not say anything about persistence via sessions or any other mechanism so it is up to you, the programmer. The HttpSession mechanism gets activated before your SOAP service sees the request.
If your service is only going to be accessed by browsers implementing cookies, sure you can use sessions. Of course some potential users may have cookies turned off so that could be a problem.