There are lots of ways to do this fairly well but there is no foolproof way that will stop someone who is really determined to screw up your poll.
The easiest way to do this is to create a new variable in his session called "processed". Before you process his data, check to see if processed has a value. If so, then ignore the submitted data. If not, then process the data and set processed = 1.
There is no need or reason to flush his session. Quite the opposite, you want to keep the session so that you can see if processed exists.
Of course, if he really wants to screw up your poll, He can write a script that connects to your site and submits his vote. Everytime his script connects, he gets a new sessionid so you can't track him and he screws up your results. So then you could start watching for posts from the same IP address but with some work, he could post to your site from various proxies. If that happens, then it's harder to know which is a real post. Of course, most people don't know how to do that kind of stuff so it's not very likely to happen unless this is a really popular site with millions of visitors per day... If that's the case, then some of those visitors will know how to screw up your poll with proxies. (In which case, you'll need to have people create an account before they can vote in your poll).
