The session ID wont change unless you close the browser between orders or manually destroy the session.
To manually destroy the session, add the following code to the checkout success page, after the </html> tag:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
@setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();
?>