I faced this problem many times in the past, and I think I finally found the solution. Unfortunately, since I have only been required to work in the Java environment, my solutions are only presented in a Java-centric way. This is not to say that the problem and solution are only tied to a particular technology. I just have not done a sample is ASP.NET or PHP. My goals are eventually to do them.
Anyway, for now, you can catch an article that I wrote:
http://www.javaworld.com/javaworld/j...27-logout.html
Since then, I found out an even "better" way of doing it, and you can check out the demo here:
http://pragmaticobjects.org/properLogoutDemo/
https://pragmaticobjects.com/properLogoutDemo/
So as you can see, there is a solution, and it works for both http and https (one code base). In both cases, the back button is not disabled as in your requirements. However, the back button has been "neutralized" or made ineffective.
I will post a more ASP.NET centric solution.
Kevin H. Le
http://pragmaticobjects.org