If the user logs out with CacheLogout=end, or %session.EndSession=1, the session will end OnEndSession callback will be called and the session will be terminated immediately, and the license will be released. This will be done in the CSP server process, not the CSP.Daemon.
If the user closes the window (or just walks away from the computer), the session and the license will remain until the session timeout is reached. This is done by the the CSP.Daemon, which will periodically wake up and look for sessions that have expired, and end them. Setting EndSession=0 in the callback would prevent the session from being ended. As long as this has been removed, I agree, the CSP.Daemon should be cleaning these sessions up.
Are you able to end any of these sessions through the Management Portal page? (I'm not recommending deleting all of them, this is just a diagnostic test).
If you open a WRC Case, I recommend sending:
1) a Buttons report
2) an export of the Session Events class (just in case)
3) an export of the ^%cspSession global: