I'm having a session problem with jsf. I've googled abut sessions and none of the results answer this question: what happens when a user logs in, copies the link, logs out and pastes the link in the browser? They say that I should validate the user when the page loads and make two forwards: one towards an error page and one towards a success page. But what if the user copies the success page's link? When or where is it's validation? And how can I solve all that without using scriptlets in my jsp pages?