Recently I had a similar issue in a web application I developed myself. I took quite some time to debug this issue but I finally found out what is causing the IllegalStateException when the session is accessed.
The problem occured when the time to complete the HTTP request was longer then the session timout configured for the web application. In such a case Tomcat will invalidate the session when the request is still ongoing. If the web application then tries to finish up the request and tries to update a session attribute the described IllegalStateException will be thrown.
The workaournd for this would be to set a higher session timeout for the web application. Usually this can be done in the web.xml file but I'm not sure if this is possible for JIRA or if JIRA somehow ignores/overrides the setting in the web.xml.
Also it would be interesting to know if the error occurs just for long running request and what the default session timeout for SOAP requests is in JIRA.
This issue has been marked as Resolved but I'm not sure if this is really the case. Maybe it should be reopened.