Index: core/authentication_api.php
===================================================================
--- core/authentication_api.php	(revision 211)
+++ core/authentication_api.php	(working copy)
@@ -265,6 +265,8 @@
 			auth_http_set_logout_pending( true );
 		}
 
+		session_clean();
+
 		return true;
 	}
 
Index: core/session_api.php
===================================================================
--- core/session_api.php	(revision 211)
+++ core/session_api.php	(working copy)
@@ -58,6 +58,8 @@
 		session_cache_limiter( 'private_no_expire' );
 		if ( isset( $_SERVER['HTTPS'] ) && ( strtolower( $_SERVER['HTTPS'] ) != 'off' ) ) {
 			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), true, true );
+		} else {
+			session_set_cookie_params( 0, config_get( 'cookie_path' ), config_get( 'cookie_domain' ), false, true );
 		}
 		session_start();
 		$this->id = session_id();
@@ -85,7 +87,10 @@
 	}
 
 	function destroy() {
-		unset( $_SESSION );
+		if ( isset( $_COOKIE[ session_name() ] ) && !headers_sent() ) {
+			gpc_set_cookie( session_name(), '', time() - 42000 );
+		}
+		//unset( $_SESSION );
 		session_destroy();
 	}
 }