Hello,
I'm using seam 2.1SP1 and switched to autoLogin functionality of RememberMe component.
I use JpaTokenStore to handle cookie-tokens and now see that old tokens remain persistent after succeded logout/login actions.
After short lookup to source code it seems to me that some modifications needed to logout event processing or to postauthenticate actions. May be it will be better to invalidate all persistent tokens at logout.