The answer probably won't make much sense to you, since it requires a knowledge of HTML (or JSPs)... but...
Quite simply, it is not tracking your refresh or back buttons presses on your browser. It is using sessions (and/or cookies) to track the state of what you are trying to do. And hitting refresh or back is distrupting the session state -- which is why it is complaining and asking you to relogin.
The webpage is either using url rewriting or cookies to maintain a session -- it is basically an id that was created for you on the server side.
This id was created when you logged in, and probably points to a state of the session. So when you make a request, the session, the html request, and everything else (post or get) is sent to the server. If the webpage, and data of your request, is for some session, whose state is supposed to be someelse, it won't work.
Since there should be no way for you to get the state out of sync with the links, it merely assumes that you press back or refresh.
Personally, I think it is just bad programming. Web apps should be written to withstand some amount of back, and definitely refresh.