Regarding session invalidation server have thier own default timeout period(in case you dont set it) after which the session will cease to exist.
There was a proposal to add a logout method in servlet 2.4 but had been defered for future version.
Some servers like weblogic 8.1 can detect database connection leaks. Alternatively, you can write you
thread which will reclaim leaked connections.