I'm having a session problem with jsf. I've googled abut sessions and none of the results answer this question: what happens when a user logs in, copies the link, logs out and pastes the link in the browser? They say that I should validate the user when the page loads and make two forwards: one towards an error page and one towards a success page. But what if the user copies the success page's link? When or where is it's validation? And how can I solve all that without using scriptlets in my jsp pages?

You should be using forward, and not redirect. The user should only ever see the url he originally clicked on then. Also, use filters to perform the authentications, not the JSP itself.

I did say fwd, not redirect :P
I can't seem to find a complete example of a session based application which states all the steps in order, from the beginning to the end, which part goes where and why.
If anyone knows any, please let me know or if anyone would create one for me here, lots of thanks. It should be for a beginner and it shouldn't assume I can guess large chunks of code in the place of an important operation :|