Whether a session with the client has been started explicitly via
WebSession.start() or implicitly by adding session attributes.
If "false" then the session id is not sent to the client and the
WebSession.save() method is essentially a no-op.
Save the session through the WebSessionStore as follows:
If the session is new (i.e. created but never persisted), it must have
been started explicitly via WebSession.start() or implicitly by adding
attributes, or otherwise this method should have no effect.
If the session was retrieved through the WebSessionStore,
the implementation for this method must check whether the session was
invalidated and if so return an error.
Note that this method is not intended for direct use by applications.
Instead it is automatically invoked just before the response is
Return true if the session expired after maxIdleTime elapsed.
Typically expiration checks should be automatically made when a session
is accessed, a new WebSession instance created if necessary, at
the start of request processing so that applications don't have to worry
about expired session by default.