when logging out prevents user using back button

You have to prevent the page from being cached, and your meta tag will not do that

Suggestions:
Prevent the page from being cached. This can be done with server-side script:

<%
  Response.Buffer = True
  Response.ExpiresAbsolute = Now() - 1
  Response.Expires = 0
  Response.CacheControl = "no-cache"
%>
This method works great! It forces the browser to go to the server to get the page instead of from its cache. What you will want to do is create a Session-level variable that determines whether or not a user can still "view" the page that you do not want to let the user navigate back to. Since the page is not being cached on the browser, the page will be reloaded when the user hits the back button, and you can check for that session-level variable to see if the user can view this page or not

For example, we could create a form like so:

<%
  Response.Buffer = True
  Response.ExpiresAbsolute = Now() - 1
  Response.Expires = 0
  Response.CacheControl = "no-cache"

  If Len(Session("FirstTimeToPage")) > 0 then
    'The user has come back to this page after having visited
    'it... wipe out the session variable and redirect them back
    'to the login page
    Session("FirstTimeToPage") = ""
    Response.Redirect "/Bar.asp"
    Response.End
  End If

  'If we reach here, the user can view the page, create the form
%>

<form method=post action="SomePage.asp">
  <input type=submit>
</form>
Note that we are using a Session variable (FirstTimeToPage) to check to see if this is the users first visit to this particular page. If it isn't (that is, if Session("FirstTimeToPage") contains any value), then we clear out the session variable and redirect the user back to some starting page. Now, when the form is submitted (and SomePage.asp is loaded), we must set the session variable FirstTimeToPage to some value. So... in SomePage.asp we'd need code like:

Session("FirstTimeToPage") = "NO"

Then, if the user, on SomePage.asp, hits the back button, the browser will requery the Web server, see that Session("FirstTimeToPage") contains some value, clear Session("FirstTimeToPage"), and redirect the user to some page. All of this hinges, of course, on the fact that the user has cookies enabled, else session variables won't work! (For more information on this subject, be sure to check out the FAQ: For session variables to work, must the Web visitor have cookies enabled?)

You can also use client-side code to force the user's browser to not cache a Web page.

<html>
<head>
  <meta http-equiv="Expires" CONTENT="0">
  <meta http-equiv="Cache-Control" CONTENT="no-cache">
  <meta http-equiv="Pragma" CONTENT="no-cache">
</head>

There are a couple things to keep in mind when using the above method to force a browser to not cache a Web page:

    * Pragma: no-cache prevents caching only when used over a secure connection. A Pragma: no-cache META tag is treated identically to Expires: -1 if used in a non-secure page. The page will be cached but marked as immediately expired.
    * Cache-Control META HTTP-EQUIV tags are ignored and have no effect in Internet Explorer versions 4 or 5