Here is how i did it
Assuming that you have a Login.aspx and Home.aspx and Moreover you have "Login" Button in the Login.aspx and a "SignOut" Button in the Home.aspx;
Put this under the Page Load event of the Login.aspx
Session["LoginId"] = null;
Put this under the click event of "Login" button [NB. put this code after you validate the password]
Session["LoginId"] = TextBox_UserName.Text;
Response.Redirect("HomePage.aspx");
Put this under the Page Load event of the Home.aspx
if (!IsPostBack)
{
if (Session["LoginId"] == null)
Response.Redirect("Login.aspx");
else
{
Response.ClearHeaders();
Response.AddHeader("Cache-Control", "no-cache, no-store, max-age=0, must-revalidate");
Response.AddHeader("Pragma", "no-cache");
}
}
Put this under the Click event of "SignOut" button
try
{
Session.Abandon();
Session["LoginId"] = null;
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Buffer = true;
Response.ExpiresAbsolute = DateTime.Now.AddDays(-1d);
Response.Expires = -1000;
Response.CacheControl = "no-cache";
Response.Redirect("Login.aspx", true);
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
What happens is that When the user clicks back button and the Login.aspx page appears then the session is set to null so pressing the back button to access the home page again would not open the home page rather it redirects it to the Login.aspx page. Same is true if the user press the "SignOut" button, the back button redirects it to Login.aspx.