This is my usual approach, see the comments for further details.
session_start();
// 1. unset all of the session variables
$_SESSION = array();
// 2. delete the session cookie
if ( ini_get( 'session.use_cookies' ) ) {
$params = session_get_cookie_params();
setcookie( session_name(), '', ( time() - 42000 ), $params['path'], $params['domain'], $params['secure'], $params['httponly'] );
}
// 3. destroy the session.
session_destroy();