We're working on a clientsession integration package for Happstack.  Getting sessions right is harder than it might seem, especially as we'd like to do something more interesting than a key-value store for Happstack. In the mean time, you could perhaps do something simple yourself, such as generating a session ID with the entropy package and store that in a cookie as base64. Then you can use that ID to look things up in acid-state, for example.

Have you looked at this for authentication? http://src.seereason.com/happstack-authenticate/