It seems that not much survives contact with students!
Basically if the freenx session isn't correctly terminated or established then desktop processes and a nx process are left running to the server which will prevent them logging in again.
However I am not the first person to notice this:
PSI Labs who use the technology have developed a RPM of scripts to manage this properly called nxcleanup. A user session has the standard number of processes for the desktop however there is an associated nx process that the student doesn't own. So the script nxclean would need to be run as root.
How do I enable a student to run a script as root that wipes out processes of an arbitary user?
Simple: Use a setuid "shim"! Write a trivial C program that takes no inputs (or has very, very thorough sanity checking!) which identifies the current user using posix calls and then exec's the script after passing it the current username. Nifty eh? This is a standard way of making scripts run safely as root. I'll post it as soon as I am done.