Problem with checkout pages and session

I am very nearly complete on the site i am working on.

I have one last problem to sort out that i think is to do with session variables:

A user is required to log-in before checking out.
and is checked against SESSION['UserGroupID']

If a user has logged in, and enters shipping info on the checkout page then clicks the checkout button, when the order summary with shipping discounts etc is displayed FOR THE FIRST TIME all the details are stored into the database as expected, with no problems.

But if they try to add anything else to the order, change shipping details or navigate away from the confirm page.

Next time they arrive the confirm page the following error occurs:
Unknown column '1d2d1c68fb25abbabad113050281dc8c' in 'where clause'

i can only assume this is the session id, whats going on here?

if they continue with the order from the originals steps (ie clicking checkout instead of changing shipping info, adding to the order, navigaing away) everything works ok they get sent to worldpay the transaction is processed all emails are sent out.

but if they try to make another order the above error happens.

i have added the code from the threads about clearing session variables to my success page, but this is not seeming to clear the session id.
maybe because of the way worldpay calls the response page
the code i have on the end of the response page is:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
//store the UserID Session Variable
if(isset($_SESSION['UserID']) && $_SESSION['UserID'] != "") {
$UserID = $_SESSION['UserID'];
}
if(isset($_SESSION['UserGroupID']) && $_SESSION['UserGroupID'] != "") {
$UserID = $_SESSION['UserGroupID'];
}
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
@setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();
@session_start();
//Reset the UserID Session Variable
if(isset($UserID) && $UserID != "") {
$_SESSION['UserID'] = $UserID;
}
if(isset($UserGroupID) && $UserGroupID != "") {
$_SESSION['UserGroupID'] = $UserGroupID;
}
?>

and thats is not clearing anything from what i can make out, i have checked i am using the correct session names.

Ideally i would prefer that no orders are stored in the database, until the submit order button is pressed.
but the form on the confirm page submits directly to worlpay, if i set the add summary and detail behaviours to execute on submit_buttonname pressed the details dont get added.

i am assumming that if i set the form to submit to itself then my insert summary and details will work. but the redirect on the add cart details to daabase behaviour wont post the formdata to worldpay via post... as it would use get....

so what do i need to do to get all this working??

would appreciate a quick response as the site needs to be live for the 1st december.

have attached my files for you look at