Seam:token tag not being respected

When I click a command button, and then hit the browser back button to the form and click it again, it submits a second time without throwing the proper exception...

Even stranger, the form id itself is DIFFERENT when I come back, which implies it has regenerated a "valid" form id at some point.

Here's the relevant code: Any ideas?

<h:form id="accountActivationForm">
    <s:token/>
    <a4j:commandButton id="cancelActivateAccountButton"
        action="#{controller[cancelAction]}"
    image="/images/button-Cancel-gray.gif"
        reRender="#{reRenderList}"
        oncomplete="#{onCancelComplete}" />
        &#160;
    <a4j:commandButton id="activateAccountBut开发者_如何学Goton"
        action="#{controller[agreeAction]}"
        image="/images/button-i-agree-continue.gif"
        styleClass="activate-account-button"
        reRender="#{reRenderList}"
        oncomplete="#{onActivationComplete}"/>
</h:form>

Clarifications:

• I inherited this, so I'm trying to change it as little as possible. (It's used in a couple places.)
• Each action returns a view, not null. I have confirmed this by stepping through line-by-line.
• The reRenderList is empty in my current test-case.
• onActivationComplete is also empty.

I'm going to be going template-by-template to see if someone made it with nested forms, because my coworkers have had unrelated problems due to that, so it couldn't hurt to eliminate that as a possible problem.

---

The s:token is supposed to avoid double/multiple submits by impatiently clicking the submit button multiple times in the same request or by refreshing the non-redirected result in the webbrowser or by resubmitting the cached page in the browser history.

That it works when the client navigates back and forth by browser history just means that the pages with the forms are not cached in client's browser history and are requested as brand new from the server side again. That would indeed return a new token. Check it yourself with a HTTP tracker like the one in Firebug.