Hi all,
i am developing a small webapp.In that I am getting database connection when user logs in,and storing it in session.and i am closing the connection and invalidating session when user logs out.
is the above design is correct or not.I dont want to use connection pooling.


From what you said, you make it sound like that you close the connection when the use logs out; Which is wrong.
The rest seem correct, but since your description is kind of vague here is a small suggestion:

In a method:

open connection
validate username, password given
close connection and everything else opened (ResultSet, ...)
return true/false

When trying to login call that method. The method needs to be put in a separate class.

Depending on what returned:
- Log in
- Put username in session.

Upon logout:
- Remove username from session.
- Invalidate session

But the connection needs to be closed immediately when done using it. If you need to run something else open a new one. But don't keep it open throughout the session.

You are probably already doing what I just said, but just in case I misunderstood what you said, I offered my version of login/logout