try changing this code:
// Finally, destroy the session.
@session_destroy();
@session_regenerate_id();
to:
// Finally, destroy the session.
@session_regenerate_id();
@session_destroy();
@session_start();
@session_regenerate_id();
I have seen some servers hold onto the ID when they should not be.