You can use a HttpSessionListener to know when the session is destroyed. This won't tell you about the case where a user closes the browser and immediately opens a new browser though. The original session is still alive for X minutes. One approach is to give the user the option of killing the old session. You'll need to track more information for this approach.
The calculation you suggest won't work. What happens if a user logs in at 9am and then clicks something in your app every 10 minutes all day? The session will still be alive after the default session timeout. You'd need to track "last active time" for this rather than login time.