IMHO it is a bad practice.
i think this isn't a memory 'leak' in strict meaning, but may lead to memory saturation.
however this will happen if you have
- a small amount of memory
- heavy session objects
- many users
- container that does not serialize sessions
but if one or more of these conditions are not met, preserving sessions should not be a problem, on memory profile.
i think the worst issue is, instead, on security profile.
session stealing techniques are very effective in this scenario: an attacker can use a stolen session days after the theft.