And then I am forwarding to next JSP. But on pressing the back button I am still getting the older page. PLease guide me how to handle this situation.
Cache-Control headers alone will not help you here. If the user is in session(logged-in) and if he uses back-browser button he can view the pages.
Basically I have to logout from the session and do not want to enter the previous page.
You got use session methods here. session.invalidate() will invalidate the current session of the client. If the user directly enter the URL to retricted resource in your application then your application logic should handle it. Like get the user name/password and store it in session as an attribute and verfify it in every restricted page.