Ray,
We put the following code at the end of success page.:
<?php
session_start();
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
?>
<?php
session_start();
session_regenerate_id (true)
?>