Seems to me like this sort of question was brought up before and I think there's a JIRA issue for it. For whatever reason Identity.logout doesn't invalidate the session. You could make that call manually though and things should work as expected.
I figured it was in JIRA but i didn't actually look.
Things work as excepted if i just do the call manually
Can you please post your solution?
Get a handle on the current session either through injection using Seam Servlet / Solder (in 3.1.0) and call invalidate()
Oops, either through injection or if you're using JSF via the FacesContext