Worrying about the browser history and back button is going to give you headaches and genital warts. There are facilities built in to handle this problem.
Your logout link/button should point to a page containing this code, along with whatever else you want.
[vb.net]
Imports System.Web.Security
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) _
Handles MyBase.Load
Session.Abandon()
FormsAuthentication.SignOut()
End Sub
[c#]
using System.Web.Security;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
Session.Abandon();
FormsAuthentication.SignOut();
}
Code comes from this page and is valid but the page is hard on the eyes.
A good Question/Answer regarding backbutton behavior can be found here.
Update:
pursuant to the conversation I am having with Matthew, disabling caching on individual pages that are sensitive or volitile can be done with code such as follows:
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
I am curious to know if it works for you as it does for me.