You can either reset_session the moment someone reaches your login page or just after defining your login method reset the session but this will also clear any session which you might want to have before a user logs in ie the url user tried to access.
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks