> My understandng is that req.getSession() would make me a new,
> valid session, then req.isRequestedSessionIdValid() would
> return true if it indeed was valid.
You are sort of right. The problem is that HTTP is stateless, meaning just because you call HttpServletRequest getSession() doesn't mean the client's browser suddenly keeps session information. Usually to make a session your web server will send a cookie (jsessionid if I remember the name right...) to the client's browser in a response and on subsequent requests the browser is expected to send back the cookie to identify itself with a session in your web app.
It looks like your problem is you are only starting the session on your server, and isRequestedSessionIdValid() returns false because the client never provided a session ID since it never had one. Try browsing to the same servlet multiple times using the same browser, it should start to say 'true'.
-- we have a whole chapter devoted to state management. I'm happy to help work through your example here, but if you want a full treatment on the topic, I suggest looking in to the book