I am using Tomcat to host a site developed using JSP and Java beans. Whenever a user logs into this site a session is created and is terminated when the user presses log out button. There is a problem however, that the session remains active if the user closes the browser without logging off. I am aware that HTTP is a stateless protocol, but I would like to find out if there is a way by which I can detect whether the client is still connected to the website or moved on so I can invalidate his session. Thanks for the help.
Not really - there's no real difference between running 2 browser windows attached to 2 different websites and one window where the user bounces back and forth between the 2 websites, as long as the client-side session context is preserved. By which I mean that either cookies are in use or the user is clicking on rewritten URL rather than manually entering one (since a manually-entered URL is unlikely to contain the session ID). You'll do better to just shorten the session timeout if that's a problem. That also allows for the case where a user "logs out" because their computer crashed.
An IDE is no substitute for an Intelligent Developer.