I have a small query. Suppose you have a very secured site. Now after the user has logged in, the user copies the URL from the address bar of the browser. Then in the same browser window user opens another site (google.com). Now the user pastes the copied URL in the address bar . Here the request is bypassing the login page and the user sees the first page of the application. How can this be avoided. A classic example is some banking website, for example www.icicibank.com.
On this website the above situation does not arrise as ( i guess ) each and every request is being authenticated by the web application.
Please help me !!!