Best How To :
A Websocket connection starts with a HTTP handshake. On the handshake you also receive cookies (e.g. the session ID cookie) so you get access to the HTTP session.
From the JSR 356 Java API for WebSocket spec:
Because websocket connections are initiated with an http request, there is an association between the HttpSession under which a client is operating and any websockets that are established within that HttpSession. The API allows access in the opening handshake to the unique HttpSession corresponding to that same client.
That's the point to associate a HTTP session with a websocket connection in whatever way you find fit.