if(is_array($_SESSION) && count($_SESSION) > 0)
foreach($_SESSION AS $var=>$val)
$_SESSION[$var] = '';
$GLOBALS[$var] = '';
$$var = '';
setcookie (session_name(), '', (time () - 2592000), '/', '', 0);
You might be able to guess from that, that I've been trying for a while to either set the value to '' or totally unset the particular session variable.
I have used the above in an auto-redirecting (session-killer) page and in a main page that doesn't redirect.
A page on the site with
if(isset($_SESSION['varname']) && $_SESSION['varname'] != '')
// this gets executed after all the unsetting
has the session var miraculously reappear.
The buglist has a few references, most of which are slammed down as 'bogus' without any of the php developers actually informing how to unset a session variable so that it isn't accessible on the next page.
4.3.2 bug notice