On the confirm page, make sure that the code for sending the email is after the store order summary and store order details code.
also on the success page, add the following code after the </html> tag to start a new session:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
@session_destroy();
@session_regenerate_id();
?>