I presume that by back button you are referring to a browser and you have implemented that with JSPs.
In that case when the username and password are correct, save the username in the session before you redirect to the next page. Then when you go to the next page (and every page) always take the username from the session and check if it is not null.
When you logout remove the username from the session, so when you hit the back button and try to get the username from the session it will be null. Then you can redirect the user to the login page