diff --git modules/openid/openid.module modules/openid/openid.module
index a9f7ab9..3738b19 100644
--- modules/openid/openid.module
+++ modules/openid/openid.module
@@ -710,8 +710,12 @@ function openid_verify_assertion($op_endpoint, $response) {
   module_load_include('inc', 'openid');
   $valid = FALSE;
+  $association = FALSE;
+
+  if(empty($response['openid.invalidate_handle'])) {
+    $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
+  }
-  $association = db_query("SELECT * FROM {openid_association} WHERE assoc_handle = :assoc_handle", array(':assoc_handle' => $response['openid.assoc_handle']))->fetchObject();
   if ($association && isset($association->session_type)) {
     $keys_to_sign = explode(',', $response['openid.signed']);
     $self_sig = _openid_signature($association, $response, $keys_to_sign);
@@ -734,8 +738,17 @@ function openid_verify_assertion($op_endpoint, $response) {
     $result = drupal_http_request($op_endpoint, $options);
     if (!isset($result->error)) {
       $response = _openid_parse_message($result->data);
+
       if (strtolower(trim($response['is_valid'])) == 'true') {
         $valid = TRUE;
+        if (!empty($response['invalidate_handle'])) {
+          // This association handle has expired on the OP side, remove it from the
+          // database to avoid reusing it again on a subsequent authentication request.
+          // @see http://openid.net/specs/openid-authentication-2_0.html#responding_to_authentication
+          db_delete('openid_association')
+            ->condition('assoc_handle', $response['invalidate_handle'])
+            ->execute();
+        }
       } else {
         $valid = FALSE;
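Review bot: The new guard `if(empty($response['openid.invalidate_handle']))` has no comment saying why the stored association is skipped, and the reason is not obvious from the code alone. I would put above it: `// When the OP rejected our association handle it signs the assertion with a private key and reports the rejected handle in openid.invalidate_handle, so the stored association cannot verify the signature and we must fall through to direct verification with the OP.` It is worth adding there that this field arrives via the user agent and only selects the verification path; nothing is removed from {openid_association} on its say-so in this hunk. Style: write `if (empty(...))` with a space after `if`, matching the `if (` on the following line. openid_verify_assertion() begins before and continues after this hunk.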
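Review bot: The new `invalidate_handle` cleanup is nested inside the `is_valid == 'true'` branch, so a handle the OP reports as invalid together with a negative answer stays cached in {openid_association} and is reused on later logins; as I read the linked spec section, the RP should drop the handle whenever the field is present, regardless of is_valid. I would move the `if (!empty($response['invalidate_handle'])) { ... }` block out of the `$valid = TRUE;` branch so it runs directly after `$response = _openid_parse_message($result->data);`, before the is_valid test. The comment's "has expired on the OP side" overstates what is known; the OP only says it no longer recognizes the handle, so `// The OP no longer recognizes this association handle; drop it so later requests do not reuse it.` is closer. openid_verify_assertion() begins before and continues after this hunk.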