the success page you sent does not have the session destroy code on it, not does it have a line 414 where the error is being reported. it doesnt seam to be the copy of the page that is generating the error, but perhaps try this code for destroying the sessions instead:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
I dont see any code for PayPal Express on either the checkout or confirm page.
For express checkout, the session destroy code will need to be added to the pp_checkout_success.php page as well.