If you mean this by manually using removeAttribute() for every single attribute which can be obtained by getAttributeNames(), then this makes really no sense. I'm not sure whether it's the course/tutor which is bad or that you misinterpreted the course/tutor.
So one of my classmate asked - "How about we delete the HttpSession permanently after we've done using it?"
Yes, you can "delete" it by invalidating it.
Any subsequent request will force the server to create a new session. The redirect is by the way not necessary, but mandatory if you'd like to present the view in a fresh new session.