OK, I found a solution for my topic. I copy just all $session values to a bypass array, clean up this array from user related data "_user" and push my stored values back to the new session. I think only the $session key "_user" contains sensible data? In sum, user is after logout "guest" again, but my $session vars got not lost...
# COPY SESSION VARS
$session_bypass = $session->getAll();
# LOGOUT USER / RESET SESSION
if ($user->isLoggedin()) {
$session->logout();
}
# REMOVE USER DATA FROM SESSION COPY > DELETE KEY "_user"
if (array_key_exists ("_user", $session_bypass)) {
unset ($session_bypass["_user"]);
}
# RESTORE SESSION WITHOUT "_user" KEY
foreach ($session_bypass as $key => $value) {
$session->set($key, $value);
}