I want to implement following features to my one of the website project;

1. I Don't want to let user navigate between pages. Page must be expired. Like onlinesbi or some other secure site.
2. If user log out > go back > refresh then again he logs in (currently). I have to disable such login.

I am already setting no-cache through meta tag

Please let me know how to implement above features.

http://www.mnot.net/cache_docs/

This HTTP header:

Cache-Control: public, no-cache

Take a look at that document!

You can place HTTP headers with instructions about how the browser should cache the page.

cheers.

Killing the session must be enough. When you go back, refresh the page and the user is logged in again, there must be some sort of automatic relogin. This is mostly done using a cookie when the user chooses to check the "remember me" option.

I would suggest the following:

1. See if there is a cookie and some sort of re-login mechanism. If so, try to logout, clear the cookie, use the back button and see if the problem still exists. This way, you know the relogin logic kicks in.

2. If there is no cookie or the above test failed, check the code where you test the session. Maybe you creating it accidentally. For example, when you get the session from an http request, you can control if a new session should be created:

e.g.

request.getSession(false);

JavaDoc