HttpSession is a context object for a user in a web application. You can identify a user session by the sessionId (stored in a cookie or request parameter). You can store state in the session. Typically a session consists of many user requests. A session is destroyed on timeout, or manually (e.g. on logout). Typical scenario: user logs in, does some stuff, logs out.
"Hibernate session" is a bad name. A better name would have been UnitOfWork. The hibernate session is a context object for the hibernate framework. The session provides access to the db (query, criteria, ...). All objects you load via the hibernate session are registered in the hibernate session. Hibernate will take care to persist any changes made to the session's objects. Typically a hibernate session is a short living object (does'nt live longer than a user request).