You can't practically disable refresh, and preventing caching will not help this issue.
You either need to make sure that the form post isn't hanging around (by redirecting rather than forwarding), or have your server-side code detect this condition and deal with it.
The latter is actually a well-known
pattern:
1) When your form is generated, create a unique token value -- usually using the system clock time.
2) Place this value in your form as a hidden form element.
3) Also place the value into the session.
4) When the form is submitted, compare the two values. If they match, remove the session token and proceed. If they don't match, or the session token is missing, you know that the form is being "resubmitted" and you can deal with the situation as appropriate to your application.