First off let me say that it has been a while since I've used Mojolicious. Second you said "after the redirect, session still contains the username which was logged in" but you haven't provided any code that shows how you know this. Are you certain that the username is coming from the session and not the stash?

If you can provide a SSCCE then you'd really be helping everyone to help you solve this.