I think you are misunderstanding the statelessness of REST. Each HTTP request is stateless in the sense that it can be understood without having previous HTTP requests around. But you can build sessions on top of that (= into your application) and that is not "against the rules".

Also, with regarding to REST "front-end servers" aren't part of the discussion, but an implementation detail.