In the HTTP protocol, there is no explicit termination signal when a client is no
longer active. This means that the only mechanism that can be used to indicate when
a client is no longer active is a time out period.
The default time out period for sessions is defined by the servlet container and can
be obtained via the getMaxInactiveInterval method of the HttpSession interface.
This time out can be changed by the Developer using the setMaxInactiveInterval
method of the HttpSession interface. The time out periods used by these methods
are defined in seconds. By definition, if the time out period for a session is set to -1,the session will never expire. The session invalidation will not take effect until all servlets using that session have exited the service method. Once the session
invalidation is initiated, a new request must not be able to see that session.