To handle viewExpiredException in JSF, I coded

<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/error.html</location>
</error-page>

<session-config>
    <session-timeout>1</session-timeout>
</session-config>

in web.xml.

In error.html I have redirected to original login page. But the problem is session scoped bean were not cleared out even session expired. Is there any way to solve this?

The login page is likely been requested from the browser cache. Disable it by creating a Filter which is tied to the FacesServlet and has basically the following lines in the doFilter() method, so that you don't need to repeat it over all pages which you'd like to prevent from being cached.

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.