Generally sessions in web applications expire after a stipulated max inactive interval. To my knowledge primarily the reason is if the session objects are not invalidated they keep exhausting the memory. So my question is
A. Is there any other reason other why web applications timeout the user session after an inactive interval?
B. Social sites never timeout the user session even if you just leave them for the entire day. How do they manage sessions? Don't the active sessions exhaust memory on their servers or JVM to be specific?
For point A , security can be another reason for invalidating session.
For point B, we do have option in Java to configure ever running session. About whether they exhaust memory of JVM depends upon what values do we store in Session.
I'm not exactly sure what the question is here, but it's entirely within the rights of a web application server to periodically scan its session collection and discard sessions which have exceeded the timeout limit. In other words, don't expect that you have to explicitly dispose of sessions.
The Tomcat webapp server will store serialized sessions in a work directory. This can cause a session to be have continuity over a shutdown/restart of the webapp server. I haven't checked, but I'm sure there are options that control this. Plus, of course, Tomcat supports alternative session storage to help facilitate clustering between discrete JVMs.
An IDE is no substitute for an Intelligent Developer.