So far I understand Httpsession concepts in Java.

 HttpSession ses = req.getSession(true);

will create a session object, according to the request.

setAttribute("String", object);

will, bind the ‘String’, and value with the Session object.

getAttribute("String");

will return an object associated with the string, specified.

What I am not able to understand is: I am creating a session object like
HttpSession ses = req.getSession(true);
and setting a name for it by calling setAttribute("String", object);.
Here, This code resides inside the server. For every person, when he tries to login the same code in the server will be executed. setAttribute("String", object); in this method the string value is a constant one. So, each session object created will be binded by the same string which I have provided. When I try to retrieve the string to validate his session or while logout action taken the getAttribute("String"); ll return the same constant string value(Am I right!!?? Actually I don’t know, I’m just thinking of its logic of execution). Then, how can I be able to invalidate.

I saw this type of illustration in all of the tutorials on the WEB. Is it the actual way to set that attribute? Or, real application developers will give a variable in the “String” field to set it dynamically

(ie. session.setAttribut(userName, userName); //Setting the String Dynamically.. I dono is it right or not.)

And my final question is

WebContext ctx = WebContextFactory.get();
request = ctx.getHttpServletRequest();

What do the two lines above do? What will be stored in ctx & request?
HttpSession ses = req.getSession(true); will creates new session means. What value stored in ses.