diff --git a/lambda/bracery-store.js b/lambda/bracery-store.js
index 8cc4481..db564dc 100644
--- a/lambda/bracery-store.js
+++ b/lambda/bracery-store.js
@@ -21,8 +21,12 @@ exports.handler = async (event, context, callback) => {
   const body = util.getBody (event);
   const revision = event.httpMethod === 'GET' && event.queryStringParameters && event.queryStringParameters.rev;
 
-  // Set up some returns
+  // Get session
   let session = await util.getSession (event, dynamoPromise);
+  const loggedIn = session && session.loggedIn;
+  const symIsOwned = loggedIn && session.user === user;
+
+  // Set up some returns
   const respond = util.respond (callback, event, session);
   const corsHeader = { 'Access-Control-Allow-Origin': '*' };
 
@@ -30,11 +34,13 @@ exports.handler = async (event, context, callback) => {
   try {
     let res = await util.getBracery (name, revision, dynamoPromise);
     const result = res.Items && res.Items.length && res.Items[0];
-    const resultLocked = (result && result.locked && (!session || !session.loggedIn || (result.owner !== session.user)));
+    const symIsNew = !result;
+    const symIsLocked = result && result.locked;
+    const symIsHidden = result && result.hidden;
     // Handle the HTTP methods
     switch (event.httpMethod) {
     case 'DELETE':
-      if (resultLocked)
+      if (!symIsOwned)
         return respond.forbidden();
       if (result) {
 	let item = { name,
@@ -48,34 +54,34 @@ exports.handler = async (event, context, callback) => {
         return respond.notFound();
       break;
     case 'GET':
-      if (result && result.bracery) {
+      if (result && result.bracery && (symIsOwned || !symIsHidden)) {
         let ret = { bracery: result.bracery };
-        if (result.locked) {
+        if (symIsLocked)
           ret.locked = true;
-          ret.owned = (result.owner === session.user);
-        }
+        if (symIsHidden)
+          ret.hidden = true;
+        if (symIsOwned)
+          ret.owned = true;
         respond.ok (ret, corsHeader);
       } else
         respond.notFound();
       break;
     case 'PUT':
       {
-        if (resultLocked)
+        if ((symIsLocked || symIsHidden || symIsNew) && !symIsOwned)
           return respond.forbidden();
 	let item = { name,
                      bracery: body.bracery,
 		     updated: Date.now(),
 		     revision: result.revision };
-        if (session.loggedIn)
+        if (symIsOwned)
           util.extend (item,
-                       { locked: body.locked,
-                         owner: session.user } );
+                       { locked: !!body.locked,
+                         hidden: !!body.hidden } );
         let putResult = await
 	(result
          ? util.updateBracery (item, dynamoPromise)
          : util.createBracery (item, dynamoPromise));
-
-        await util.clearSession (session, dynamoPromise);
         
         respond.ok ({ revision: putResult.revision }, corsHeader);
       }
diff --git a/lambda/bracery-util.js b/lambda/bracery-util.js
index 2d97299..c8e03ee 100644
--- a/lambda/bracery-util.js
+++ b/lambda/bracery-util.js
@@ -113,19 +113,6 @@ async function getSession (event, dynamoPromise) {
   }
 }
 
-async function clearSession (session, dynamoPromise) {
-  await dynamoPromise('updateItem')
-  ({ TableName: config.sessionTableName,
-     Key: { cookie: session.cookie },
-     UpdateExpression: 'SET #s = :s',
-     ExpressionAttributeNames: {
-       '#s': 'state',
-     },
-     ExpressionAttributeValues: {
-       ':s': 'null',
-     } });
-}
-
 // async https.request
 async function httpsRequest (opts, formData) {
   return new Promise
@@ -486,7 +473,6 @@ module.exports = {
   getParams,
   getName,
   getBookmarkedParams,
-  clearSession,
   createBookmark,
   httpsRequest,
   respond,
diff --git a/lambda/bracery-view.js b/lambda/bracery-view.js
index 37ecafd..1386783 100644
--- a/lambda/bracery-view.js
+++ b/lambda/bracery-view.js
@@ -44,6 +44,7 @@ const templateDefVar = 'SYMBOL_DEFINITION';
 const templateRevVar = 'REVISION';
 const templateRefsVar = 'REFERRING_SYMBOLS';
 const templateLockedVar = 'LOCKED_BY_USER';
+const templateHiddenVar = 'HIDDEN_BY_USER';
 const templateInitVar = 'INIT_TEXT';
 const templateVarsVar = 'INIT_VARS';
 const templateRecentVar = 'RECENT_SYMBOLS';
@@ -59,24 +60,18 @@ exports.handler = async (event, context, callback) => {
 
   // Set up some returns
   let session = await util.getSession (event, dynamoPromise);
-  console.log('Session:', JSON.stringify(session, null, 2));
   const respond = util.respond (callback, event, session);
 
   // Wrap all downstream calls (to dynamo etc) in try...catch
   try {
     // Get app state parameters
     const isRedirect = event && event.queryStringParameters && event.queryStringParameters.redirect;
-    const isReset = event && event.queryStringParameters && event.queryStringParameters.reset;
     const revision = event.queryStringParameters && event.queryStringParameters.rev;
-    const gotSessionState = session && !!session.state && !isReset && !revision;
-    const parsedSessionState = gotSessionState && JSON.parse (session.state);
     const isBookmark = event && event.queryStringParameters && event.queryStringParameters.id;
     const appState =
 	  (isBookmark
            ? await util.getBookmarkedParams (event, dynamoPromise)
-           : (parsedSessionState && (isRedirect || parsedSessionState.name === util.getName(event))
-	      ? parsedSessionState
-	      : util.getParams (event)));
+           : util.getParams (event));
     const { name, initText, evalText, vars, expansion } = appState;
     console.log({appState});
 
@@ -95,9 +90,7 @@ exports.handler = async (event, context, callback) => {
     tmpMap[templateUserVar] = null;
     tmpMap[templateExpVar] = expansion;
     tmpMap[templateExpHtmlVar] = '<i>' + '...bracing...' + '</i>';
-    tmpMap[templateWarningVar] = (!isBookmark && !isRedirect && parsedSessionState && (evalText || initText || expansion)
-				  ? ('Loaded from auto-save (<a href="' + config.viewPrefix + name + '?reset=true" id="clear_autosave">clear auto-save</a>)')
-				  : '');
+    tmpMap[templateWarningVar] = '';
 
     const populateExpansionTemplates = (expansion) => {
       if (expansion) {
@@ -136,8 +129,10 @@ exports.handler = async (event, context, callback) => {
           const result = res.Items && res.Items.length && res.Items[0];
 	  if (result) {
             tmpMap[templateRevVar] = result.revision;
-            if (result.locked && result.owner === session.user)
+            if (result.locked)
               tmpMap[templateLockedVar] = ' checked';
+            if (result.hidden)
+              tmpMap[templateHiddenVar] = ' checked';
 	  }
 	  if (!result || (typeof(evalText) === 'string' && !revision))
 	    return expansion;
@@ -186,12 +181,6 @@ exports.handler = async (event, context, callback) => {
             }))
          : Promise.resolve());
 
-    // Reset the session, if requested
-    let resetPromise =
-	(isReset
-	 ? util.clearSession (session, dynamoPromise)
-	 : Promise.resolve());
-    
     // Read the template HTML file
     const templateHtmlBuf = await util.promisify (fs.readFile) (config.templateHtmlFilename, config.stringEncoding);
 
@@ -199,7 +188,6 @@ exports.handler = async (event, context, callback) => {
     await newsPromise;
     await symbolPromise;
     await botPromise;
-    await resetPromise;
     
     // Do the %VAR%->val template substitutions
     if (session && session.loggedIn && session.username)