How can I protect my JSP pages (or servlets) against the user's using the browser's back arrow and losing the session?

This question is rather puzzling. Unless you're using URL-rewriting, you can't "lose" a session as it is maintained by cookies. If you think about displaying content which might already have become invalid, you can use HTTP-headers for manipulating content life-time. (See FAQs on preventing caching.)