I tend to agree. I think it's at least disputable. Servlet spec is bit vague and I can see only:

When an application is replaced, the container should
provide a robust method for preserving session data within that application.

I suggest to add to InitServlet:

request.getSession().invalidate();