I made the assumption that you are using
Struts when I made that suggestion. You can always implement your own use of tokens but Struts makes it easier. Are you using Struts?
A token is a value that gets submitted usually with every post request. The benefit is that if some state changes you can change the token, making all requests that have the old token (browser cache) invalid.
In your case, a new login would create a new token for the session. The other instance of the old browser (before Ctrl+N) would still contain the old token, which you can catch on the server when they try to submit it and display an error page.
[ November 16, 2004: Message edited by: Marc Peabody ]