Sorry Ray, I'll need to digest this slowly.
Taking a look at confirm.php i assume that the hidden field 'invoice' which uses session_id () as a variable is the one which paypal is identifying. Is this correct ?
On my checkout_success page, I use $_SESSION = array(); to (attempt to) clear all session variables
I definitely end up with an empty cart, therefore why the error message ?
I'm a bit confused.