I found the following methods in Action.java which I think may help to control the session ID. That means if the user submits the page and press the back button and submit the page again it will throw an error.

Ted Husted

Before going to a page you want to protect, route to an Action first and call SaveToken. This stores a token with a unique value in the user's session.

If the page uses the html:form tag, it will automatically include a hidden field with the token if it finds one in the session.

In the Action that receives the page, use isTokenValue to see if the token in the session matches the one from the form. Call resetToken to clear the token, so it can't be used again.

HTH -Ted.