It's the container that checks for session validity.
This means that once a request is accepted by the container to contain a valid session and the associated server side process invoked to service it, there isnt any danger of the session being invalidated at any point further on in that request cycle, irrespective of the length of the time taken by the process to service the request.
However the next request may not have a valid session. By the time the response is sent to the browser and the client makes the next request, the time elapsed between that request and the previous one would be greater than the max inactive interval.
This is because the Servlet/Jsp takes a longer time to process the first request than the max inactive interval of the session. The container unaware of this, just checks the time between 2 subsequent requests and finds that the difference is greater than the max inactive interval and invalidates the session.
The above maybe container specific and you have to
test it out on the server you are working with.
You should consider setting the max inactive interval to a value greater than the sum of the maximum time that the servlet may take to process the request and the maximum think time.
ie session timeout > max server side process time + max allowable think time
cheers,
ram.