A session is a contract (session id) between the HTTP client (browser, usually) and the server that is transported through a parameter, header, etc., and a new session is usually created (for a stateful app) if one is not present.
The same session is usually used for a single browser (or, in IE's case, browsers spawned from the same parent process).
The conversation id acts as an additional sub-session-id to keep track of different paths within a session. The user authentication is usually tied to a single session.
So no, if you are logged in, someone can sneak up on you, hit you unconscious and continue typing in your browser (or spawn a new tab etc.) and Seam won't know the difference ;-)
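A simplified model of the session/conversation relationship described in the answer above, added here as an illustration; it is not Seam's own code, and `SessionStore`, `handle`, `login` and `demo` are hypothetical names. It shows that the authenticated user is resolved from the session id alone, while the conversation id only selects state inside that session.

```python
import secrets


class SessionStore:
    """Toy server-side model: authentication lives on the session,
    conversations are sub-states nested inside one session."""

    def __init__(self):
        # session id -> {"user": str or None, "conversations": {id: state}}
        self._sessions = {}

    def handle(self, session_id=None, conversation_id=None):
        # Missing or unknown session id: create a new, anonymous session.
        if session_id not in self._sessions:
            session_id = secrets.token_urlsafe(16)
            self._sessions[session_id] = {"user": None, "conversations": {}}
        session = self._sessions[session_id]
        # The conversation id is only ever looked up inside the resolved session.
        convs = session["conversations"]
        if conversation_id not in convs:
            conversation_id = str(len(convs) + 1)
            convs[conversation_id] = {}
        return session_id, conversation_id, session["user"], convs[conversation_id]

    def login(self, session_id, user):
        # Authentication is recorded on the session, not on a conversation.
        self._sessions[session_id]["user"] = user


def demo():
    store = SessionStore()
    # First tab: new session, first conversation, then login (constructed user).
    sid, cid1, _, state1 = store.handle()
    store.login(sid, "alice")
    state1["step"] = "checkout"
    # New tab: same session cookie, no conversation id.
    _, cid2, user2, state2 = store.handle(session_id=sid)
    # Other client: knows the conversation id but has no session cookie.
    sid3, _, user3, state3 = store.handle(conversation_id=cid1)
    return {
        "new_tab_user": user2,                 # still authenticated
        "new_tab_is_new_conversation": cid2 != cid1,
        "new_tab_state": state2,               # fresh conversation state
        "other_client_user": user3,            # anonymous
        "other_client_state": state3,          # cannot see tab 1's state
        "other_client_new_session": sid3 != sid,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the login follows the session id, idle timeouts and re-authentication before sensitive actions have to be enforced per session; a conversation id offers no separation between tabs of the same browser.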