Is there a way of preventing a user manipulating the URL and accessing a page that should only be accessed by the result of an action on a session bean? For example, I have two pages of data entry followed by a pdf generated by the iText component. If I am on page 1 or 2 then it is still possible for me to access page 3 (and get useless results) by manipulating the URL. This seems like a serious flaw in Seam to me. It's possible that I am missing something obvious as I am fairly new to Seam and JSF. Thanks. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4029688#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...