When you are done using an attribute, it's always polite to clean it up and remove it from the session.
I did notice the DBID as the attribute. If the attribute being put in the session is used universally for all users accessing that application, you might want to consider putting it into the ServletContext, as opposed to the session. With a session, the attribute is duplicated for every user. If it's put into the context, every user shares the same value, which is very efficient.
Its definitely a good idea to remove it once its no longer in use. House-keeping should be done else you may run out of memory.
If you're dealing with clustering, the more objects you store in the session, the more work the server has to do to replicate the session. And all these add overheads to your server and could affect your application performance.
Unless very necessary, try putting it into the request object, else your application may not be that scalable.
session.invalidate() will invalidate the whole session, including all scope variables set within it. Sort of like using dynamite to open a jar of pickles. [ December 10, 2006: Message edited by: Bear Bibeault ]