diff --git a/lib/Horde/Session.php b/lib/Horde/Session.php
index 475d25ab..02159dec 100644
--- a/lib/Horde/Session.php
+++ b/lib/Horde/Session.php
@@ -555,7 +555,7 @@ public function destroy()
         }
 
         /* Fallback for legacy/test contexts without an injector. */
-        if (isset($_SESSION)) {
+        if (session_status() === PHP_SESSION_ACTIVE) {
             session_destroy();
         }
         $_SESSION = [];
diff --git a/src/Session/SessionLifecycle.php b/src/Session/SessionLifecycle.php
index e32176e3..702fee61 100644
--- a/src/Session/SessionLifecycle.php
+++ b/src/Session/SessionLifecycle.php
@@ -311,7 +311,10 @@ public function clean(): bool
      */
     public function destroy(): void
     {
-        if (isset($_SESSION)) {
+        // $_SESSION may be initialised (Horde_Session constructor sets it to
+        // []) without an active PHP session. session_status() is the
+        // authoritative guard; $this->active mirrors it for the normal path.
+        if ($this->active || session_status() === PHP_SESSION_ACTIVE) {
             session_destroy();
         }
         $_SESSION = [];