Do objects stored in a HTTP Session need to be serializable? Or can it store any object?
Even if your engine does support persistent sessions, it is usually possible to disable this feature. Read the documentation for your servlet engine.
Note that this means that a JDBC Connection should not be stored in a session, however convenient that would be. You can put it in an application scope variable, or in a "transient" field of a private class. Read the docs for the Serializable interface to learn more.