[eluser]CroNiX[/eluser]
For #1, you wouldn't use unset_userdata() after you destroy the session, as sess_destroy() already does that so there wouldn't be a session to unset data on.
#2 would be better I think, and has less code.
It is better to use the session database driver as it can store an infinite amount of session data, whereas cookies have a hard limit, which is different for each browser, but it's safe to assume 2kb max data if using cookies. If you go over that, it could break the session depending on the browser. If you encrypt the session data, it also takes a lot more space to store it.
