#6 misstyped password

[Laszlo Teglas]

When the user types in the wrong password in the login
form, this password is stored in the session variable.
There is no way of removing this until the session
expires, because all subsequent loggins first make a
call the the database in the Application.cfm file using
the wrong password.

We need to flush the old login session variables,
everytime someone tries to login using the form.