I have a web site developed using ASP/VBScript. This site allows members to log in using session cookies. When they sign out I make sure the session cookies are abandoned. I have also added the following to the header of each page:
<meta http-equiv="pragma" content="no-cache" />
<meta http-equiv="expires" content="-1" />
<meta http-equiv="cache-control" content="non-cache" />
Despite this, when a person logs out it is still possible to bit the back button of the browser and view the pages within their account. I have protected the pages so that any attempt to click on links within protected pages would redirect to a login page. However I would like to do something similar to Hotmail, when I log out and hit the back button the pages are expired and cannot be viewed.