You can get all three web apps to share the same JSESSIONID by setting the <Manager pathname=""/> setting in WEB-INF/context.xml (this has changed a few times between underlying tomcat versions).
This doesn't solve your problem though, even though all three sessions will share the same JSESSIONID they will still access the session from a different context so their session data will be separate from each other.
Sorry I don't have much more to tell you I just stumbled through this same problem.
My idea is to create a login page which after successfull login takes the cookie session id and the IP address of the users and place them into tables into database. So when user wants to access one of the modules session bean every time takes the cookie and the IP address and compares them with the one from the database. The key point here is the session id. In every module it must be the same. I will make tho identical EAR packages and I will configure JBoss to see is this going to work.