You're defining an initial value of 'baz' for the $baz property, so when you unserialize, PHP recreated baz with that default value despite the fact that it's not part of the serialized object. If you changed the value of baz before serializing, then serialize/unserialize, it will reset baz to that default value of 'baz', rather than to the value you had changed it to.

class Foo {
    public $bar = 'bar';

    public $baz = 'baz';

    public function __sleep() {
        return array('bar');
    }
}

$obj = new Foo();
$obj->baz = 'newbaz';

var_dump($obj);

$serialized = serialize($obj);
$unserialized = unserialize($serialized);
var_dump($unserialized);

Unserializing creates a new instance of the object, and since your definition of the class initializes the attribute, you're getting a default value for it. Try this:

class Foo {
    public $bar;
    public $baz;
    public function __sleep()
    {
        return array('bar');
    }
}

$obj = new Foo();
$obj->bar = 'bar';
$obj->baz = 'baz';
$serialized = serialize($obj);
$unserialized = unserialize($serialized);
var_dump($unserialized);

Edit: Alternatively, you can vardump($serialized) and see that there is no baz in it.