You can get access to the HttpServletRequest in your login module using the JACC API, but if the user has not generated a session, it may not be available. See http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthentication
As usual junkie.... you da man!!!
Perfect solution for me as the user would have logged in at the point I wanted to access the session.... it's basically a bit at the end of my overridden login() method that only gets executed if the user has logged in successfully.
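The approach discussed in this thread, as an added example that is not code from either poster: a login module that reads the request through the JACC `PolicyContext` after a successful login and copes with a missing request or session. The base class `DatabaseServerLoginModule`, the class name `SessionAwareLoginModule` and the session attribute `authenticatedUser` are assumptions chosen for illustration.

```java
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.jboss.security.auth.spi.DatabaseServerLoginModule;

// Hypothetical module name; the base class is assumed, use whichever module you extend.
public class SessionAwareLoginModule extends DatabaseServerLoginModule {

    // Handler key that the JACC specification requires web containers to register.
    private static final String REQUEST_KEY = "javax.servlet.http.HttpServletRequest";

    @Override
    public boolean login() throws LoginException {
        boolean authenticated = super.login();
        // Only touch the session once the credentials have been accepted.
        if (authenticated) {
            recordLogin(getUsername());
        }
        return authenticated;
    }

    private void recordLogin(String username) {
        HttpServletRequest request;
        try {
            request = (HttpServletRequest) PolicyContext.getContext(REQUEST_KEY);
        } catch (PolicyContextException e) {
            // No handler registered for the key: nothing to record.
            return;
        }
        if (request == null) {
            // The module was not invoked from a web request (for example an EJB client).
            return;
        }
        // getSession(false) never creates a session; it returns null if none exists yet.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        // "authenticatedUser" is a hypothetical attribute name.
        session.setAttribute("authenticatedUser", username);
    }
}
```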