I think you have two choices to invalidate your HttpSession with Seam:
a) if you use Seam security features try
b) if you don't use Seam security features try
Both options will will clear out your HttpSession after the request ended.
Hope this helps, Thorsten
p.s.: you may also want to have a second look at your upload bean again because usually you shouldn't need SESSION scope for this.
You should definitely be using a conversation-scoped component for this. Look at RegisterAction in the seamspace example, it's conversation-scoped and receives an uploaded file.