End user session when on new browser tab

We have a financial application in which when a user opens a link in a new tab and closes the previous one his session is still active in the new tab. This can create issues of Cross Site Request Forgery which , to us, is a big issue. Talking to our developers about this in implementing something that uses onload or unload (as described here http://www.liferay.com/community/forums/-/message开发者_如何学C_boards/message/2948770) said that the way the application is build (Java+faces+jboss+tomact) will create issues as the use will be logged out each time he clicks on a menu. This is because the function is called whenever a user navigates from one page to another.

Is there a way around this issue without using the unload/onload Javascript function?

It is impossible to detect the user closing the page without using javascript.

However, it would be more user-friendly if you stored multiple CSRF tokens instead of just a single one (e.g. up to 10). When one is used, only this one is invalidated and when a new one is necessary, the oldest one is deleted. This ensures people can work in multiple tabs while still having CSRF protection.