The session needs to be derstroyed on the Checkout success page.
If you haveother sessions you wish to save, convert them to application variabels, destroy the session, start a new one, then reset the session variables from the application variables.
For example, if you have a session named UserID you wish to save add the following to the checkout success page after the closing html tag:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
//save the UserID Session Var
$userID = $_SESSION['userID'];
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
// Start a New Session
session_start();
// reset the userID session var
$_SESSION['userID'] = $userID;
?>