A session lasts until your visitor closes their browser - if they navigate away to another page, then return to your site without having closed their browser, their session will still exist . This behaviour is usually desirable - potentially your visitor's session data might last for days, as long as they keep browsing around your site, whereas cookies usually have a fixed lifespan.
If you want to explicitly end a user's and delete their data without them having to close their browser, you need to clear the $_SESSION array, then use the session_destroy() function. Session_destroy() removes all session data stored on your hard disk, leaving you with a clean slate.
To end a session and clear up its data, use this code:
There are two important things to note there: firstly, session_start() is called so that PHP loads the user's session, and secondly we use an empty call to the array() function to make $_SESSION an empty array - effectively wiping it. If session_start() is not called, neither of the following two lines will work properly, so, again, always call session_start()!