The simplest solution I can think of is to attach an alert box to the PayPal Standard submit button that warns the user that they will not be able to change their order past such-and-such point. Or just not use PayPal at all at that level - I myself only offer PayPal options at the business account level 'cuz I myself don't always trust sites that redirect to someone else's payment site.
I'm puzzled as to why destroy the session at all; I actually went through some pains to actually preserve mine so that I can send an email to the customer to let them know that payment was processed (...or rejected).
It's difficult to say; there are just too many methods of skinning the proverbial cat, and in lots of ways I think the cart software I built does lotsa things just the opposite of the ways you're doing them.
Why bother destroying the session at all? Why not just unset or null-out the appropriate variables?