Session is a important thing between user and server. Server and client know each other by session interface (not java class meaning).
If somebody using their account user account, for paying their bill and other information to server. It should be secure. And secret between user and server.
If somebody forget to logout, server should automatically discard their session to secure their information.
session class has many methods for maximum time limit. or we can change maxtime for session.