In general the logoff process kills the session on client and server side, and/or clears the authenticated status of the session. If you want to access any protected page, you get a redirection to the logon page. If you are interested in how you can achieve this in ASP.NET, just create a project using the forms authenticated template included in Visual Studio.
Here you have an overview:
http://msdn.microsoft.com/en-us/library/ff647070.aspx[
^]
An other consideration: back button has also to do with caching. With just the above things "back" will show the cached page. You need to disable
client side caching[
^] to ensure page reload from server and you can redirect to logon page.