If you want to change the session id on each log in, make sure to use session_regenerate_id(true) during the log in process.
session_start();
session_regenerate_id(true);
?>
To forget the session start is the most common error. This must be put at the first line of codeĀ to work properly.
Document here the code and scripts for killing session. could be on page unload or with a logout button.
I had some stuff going using the flash and a backend. If you need to check it out, its here, but I think you have the sesh stuff on lockdown. Now just need to bust out the device detector.