With the logoutFilter.destroySession = true configuration, the web session should be invalidated at logout. And so should be deleted the @SessionScoped beans.

Can you turn on DEBUG logs on org.pac4j.jee.context.session.JEESessionStore and check if you see the log: Invalidate session: xxx?