diff --git a/mandaye/auth/authform.py b/mandaye/auth/authform.py
index 7d1587d..a12b4cb 100644
--- a/mandaye/auth/authform.py
+++ b/mandaye/auth/authform.py
@@ -206,6 +206,10 @@ a password_field key if you want to encode a password.")
 
         asso_id = Association.update_or_create(self.site_name, sp_login,
                 post_values, unique_id)
+        old_association_id = env['beaker.session'].get('old_association_id')
+        if old_association_id and old_association_id != asso_id:
+            Association.delete(old_association_id)
+        env['beaker.session']['old_association_id'] = None
         env['beaker.session']['unique_id'] = unique_id
         env['beaker.session'][self.site_name] = asso_id
         env['beaker.session'].save()
@@ -261,6 +265,7 @@ a password_field key if you want to encode a password.")
         qs = parse_qs(env['QUERY_STRING'])
         if condition and eval(condition):
             Association.update_last_connection(association['id'])
+            env['beaker.session']['old_association_id'] = None
             env['beaker.session'][self.site_name] = association['id']
             env['beaker.session'].save()
             if qs.has_key('next_url'):
@@ -268,6 +273,8 @@ a password_field key if you want to encode a password.")
             else:
                 return response
         else:
+            env['beaker.session']['old_association_id'] = association['id']
+            env['beaker.session'].save()
             return _302(self.urls.get('associate_url') + "?type=failed")
 
     def login(self, env, values, request, response):