session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
I would like destroy() to do the whole thing. Please extend it. If somebody needs the current version, then both behaviors could be kept, one of them could be chosen by an argument to the method.