Sessions as in maps of stuff that hang around in memory between request invocations are not very compatible with 12 factor apps, so probably not terribly common.
You could probably hook up a filter and a RequestContext to create a session-like experience, but would definitely be careful there...