Invalidating session in java
The servlet also displays all the bindings for the current session, just because it can. Finally, the servlet displays the current count and all the current name/value pairs in the session. A session either expires automatically, after a set time of inactivity (for the Java Web Server the default is 30 minutes), or manually, when it is explicitly invalidated by a servlet.
When a session expires (or is invalidated), the object and the data values it contains are removed from the system.
Beware that any information saved in a user's session object is lost when the session is invalidated.
The rules used to decide when and how to encode a URL are server-specific.If the session is already invalid, the invalidate() method will throw an Illegal State Exception.An object can be notified when it is bound to a session or unbound from a session simply by implementing the Http Session Binding Listener interface.Every server that supports servlets should implement at least cookie-based session tracking, where the session ID is saved on the client in a persistent cookie.Many web servers also support session tracking based on URL rewriting, as a fallback for browsers that don't accept cookies. For a servlet to support session tracking via URL rewriting, it has to rewrite every local URL before sending it to the client.
For example, the Java Web Server has the ability to revert to using URL rewriting when cookies fail, and it allows session objects to be written to the server's disk as memory fills up or when the server shuts down.