Let's say I login on the browser, and click a few times here and there on the web-server to do stuff. Then, I get distracted and go to a webmail site to retrieve and read my mail without closing the current browser. One of the messages has a link to an "evil" website, having malicious scripts, etc. When I click on the link, information about which websites I had visited before, my IP, etc., will be sent to the "evil" website. Using that data it's able to do malicious stuff on the server I visited last, since I had already logged on before. The "evil" website will be able to send commands to the server as me!

So, my question is.... How do you, webmasters, solve or prevent this problem? Is there a better way than prompting the user for their login ID and password everytime they go to restricted area on the web server, or webpage?

Originally posted as a Categorized Question.