1) you need to use the IPN post that is returned from paypal.
bear in mind that with Payments standard in sandbox mode, paypal does not do an IPN post, you need to use their IP simulator to send the ipn post to your ipn page:
e_howto_admin_IPNTesting
ipn-test-outside
2) add the following code to the success page after the </html> tag:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
@session_destroy();
?>