you can't share session (data) between application. Since you using servlet, you can't use portalsession neither.
If i understood, you're using jbossportal as container ( and logging solution) and an external application - on the same server - must get identification before processing.
You should look at PortalEventListener ; there's an example on the official doc ( and i posted some sample code in a topic over there).
In a similar problem I went with PortalEventListener and a ejb (an jboss jmx actually), Session id come from the client, so it is indeed the same across application. the listener take care of login/logout authentication (providing id of user) and session cleanup too. it then calls my jmx providing user id and session id. My servlet (dwr) gets information about the current user with its session id.
It's not the more secure solution but suitable for most of web application.
My ejb/jmx needs those jmx :
and register the listener at runtime with :
Hope it helped