Calling session methods after Session::endSession() causes use-after-free crash


    • Type: Bug
    • Resolution: Fixed
    • Priority: Critical - P2
    • Fix Version/s: 1.5.2
    • Affects Version/s: 1.5.0
    • Component/s: None

      Session::endSession() calls mongoc_client_session_destroy(), which frees the session object; however, it leaves intern->client_session as-is. This can lead to a double-free (later from php_phongo_session_free_object()) or to possible use-after-free bugs in other methods. The double-free case is trivially fixed by assigning NULL after calling mongoc_client_session_destroy(), but the use-after-free fix will require additional checks in other methods that currently assume intern->client_session is non-null.

      Note: We typically don't assign NULL to our resource pointers after destroying them because that destruction happens during a free_object handler and the zval struct will soon be freed; however that is not the case for endSession().
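The pattern the description lays out, as an added example in C that is not part of this ticket or of the driver's code: a small mock stands in for mongoc_client_session_t and php_phongo_session_t, and the reported endSession() (destroy, pointer left dangling) is run beside the fixed version (destroy, pointer cleared, other methods guarded). The mock's destroy marks the object dead instead of freeing it, so the second destroy from the free_object analogue and the dangling dereference by another method are counted rather than crashing the process. The NULL-is-a-no-op behaviour of the mock destroy, the method names, and the -1 return that stands in for the exception the driver would raise are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Mock of mongoc_client_session_t (constructed for this example, not libmongoc).
 * Destroy marks the object dead but keeps the memory in quarantine so a later
 * access can be observed instead of being undefined behaviour. */
typedef struct {
    int live;
} mock_client_session_t;

static int g_destroy_calls;  /* destroy invocations on any session */
static int g_uaf_hits;       /* dereferences of a destroyed session */

static mock_client_session_t *mock_client_session_new(void) {
    mock_client_session_t *s = calloc(1, sizeof *s);
    if (s) s->live = 1;
    return s;
}

/* Stand-in for mongoc_client_session_destroy(); NULL is a no-op (assumption).
 * A second call on the same object is the double-free the ticket describes. */
static void mock_client_session_destroy(mock_client_session_t *s) {
    if (!s) return;
    g_destroy_calls++;
    s->live = 0;
}

/* Stand-in for any libmongoc call that dereferences the session:
 * 0 on success, -1 on use-after-free, -2 on a NULL session. */
static int mock_client_session_touch(mock_client_session_t *s) {
    if (!s) return -2;
    if (!s->live) { g_uaf_hits++; return -1; }
    return 0;
}

/* Analogue of php_phongo_session_t. */
typedef struct {
    mock_client_session_t *client_session;
} php_phongo_session_t;

/* endSession() as reported: destroys but leaves the pointer dangling. */
static void end_session_dangling(php_phongo_session_t *intern) {
    mock_client_session_destroy(intern->client_session);
}

/* Fixed endSession(): destroy, then clear the pointer. */
static void end_session_fixed(php_phongo_session_t *intern) {
    mock_client_session_destroy(intern->client_session);
    intern->client_session = NULL;
}

/* Analogue of php_phongo_session_free_object(): unconditionally destroys
 * whatever pointer is still stored when the object is freed. */
static void free_object(php_phongo_session_t *intern) {
    mock_client_session_destroy(intern->client_session);
    intern->client_session = NULL;
}

/* Another session method that assumes client_session is non-NULL. */
static int method_unchecked(php_phongo_session_t *intern) {
    return mock_client_session_touch(intern->client_session);
}

/* Same method with the guard the ticket calls for; -1 stands in for the
 * exception the driver would throw for an ended session (assumption). */
static int method_checked(php_phongo_session_t *intern) {
    if (!intern->client_session) return -1;
    return mock_client_session_touch(intern->client_session);
}

typedef struct {
    int destroy_calls;  /* 2 means the session was destroyed twice */
    int uaf_hits;       /* > 0 means a dangling pointer was dereferenced */
    int method_rc;      /* result of calling a method after endSession() */
} scenario_t;

static scenario_t run_scenario(int fixed) {
    scenario_t r;
    php_phongo_session_t intern;
    mock_client_session_t *raw;

    g_destroy_calls = 0;
    g_uaf_hits = 0;
    intern.client_session = raw = mock_client_session_new();
    if (fixed) {
        end_session_fixed(&intern);
        r.method_rc = method_checked(&intern);
    } else {
        end_session_dangling(&intern);
        r.method_rc = method_unchecked(&intern);  /* dangling dereference */
    }
    free_object(&intern);  /* second destroy in the unfixed case */
    r.destroy_calls = g_destroy_calls;
    r.uaf_hits = g_uaf_hits;
    free(raw);  /* release the quarantined mock object */
    return r;
}

scenario_t run_vulnerable(void) { return run_scenario(0); }
scenario_t run_fixed(void) { return run_scenario(1); }

int main(void) {
    scenario_t v = run_vulnerable(), f = run_fixed();
    printf("unfixed: destroys=%d uaf=%d rc=%d\n", v.destroy_calls, v.uaf_hits, v.method_rc);
    printf("fixed:   destroys=%d uaf=%d rc=%d\n", f.destroy_calls, f.uaf_hits, f.method_rc);
    return 0;
}
```

The unfixed path reports two destroys and one dangling dereference; the fixed path reports one destroy and none, with the guarded method refusing the call instead of touching freed memory. Replacing the quarantine in mock_client_session_destroy with a real free() and building with -fsanitize=address turns the counted events into AddressSanitizer double-free and heap-use-after-free reports, which is the quickest way to confirm the same fix in the real driver.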

            Assignee:
            Derick Rethans
            Reporter:
            Jeremy Mikola
            Votes:
            0
            Watchers:
            2
