Verify user when he come back after logout

we are developing a web application using Struts 1.2. In that application, when user presses logout, it will logout the user,but when he presses back button, it will take him inside without asking for username and password. Likewise, when we give the url of the page after login, it will take him inside without verifica开发者_运维知识库tion.

I dont know how to reolve this kind of security problem. Please guide me.

How did you implement your logout action? If you are implementing your own (say, without using Spring Security, etc), you should be invoking session.invalidate(); when the user is logging out. Sure, when your user hits the back button, they might still see the page due to browser caching (depending how to implement the log out action) but when they try to access a secure page after that, they will not have access to it.