If you are looking for restricting the user from going back after logging off, better use
in the <Body> tag on the page from where the user logs out. This will not let the user go back once logged out. This has to be given on all pages from where logoff is provided.
Also use session variable and check on all pages if the session variable contains value, carry this out till the user signs off. Once the user signs out, Use
that clears the session variables and thus if the user is still able to go back, then automatically he wouldn't be able to access the pages, as the session is abandoned. You got to be careful to check the session values on all pages, which fall under log on session for the user, and redirect the user to a customized error page, if the session is invalid.
Hope that helps.
- Vijay G
Strive for Perfection