I think that replication of the HTTP session actually brings you failover capabilities. As you said, for scalability, the session replicatication adds a drawback in performance (smaller for memory based replication, greater for DB based replication). If you are woried that some sensitive info might be lost in case of web server failure you should probably save it in the database anyway.... another reason is that by having no state in the web tier, it will scale horizontally with no bottlenecks, whereas I believe you would loose some of the possible gains of scaling that way if you have clustered session information.
If you want just scalability you should use sticky HTTP sessions where all requets in a session are served by just one server instance. In this case, maintainng some state on the HTTP session it might actually help from a performance point of view, because avoids web server - (ejb server (- db server)) roundtrips.