For HTTP to work best, you should try and keep it as stateless as possible. Keeping state consistent between multiple servers is very much non-trivial. If your web app takes off and needs to be scaled to more than 1 server, design choices such as state machines can really cause you very nasty issues down the line. You either have to keep state across a memcache system, which can get wonky with multiple requests hitting multiple servers, or you have to keep the state encoded inside a cookie which opens up security issues.
Sticking to stateless webapps is nearly always a better choice. Check out some guides to RESTful services to get started.
"new", "approved-by-other-user", "verified-by-admin", "hidden", "promoted".
I agree that at the HTTP level you shouldn't be using FSMs.
They also work great for transactional resources like a shopping cart order.