I have created a web app that only accepts authorized users to view certain pages. After user logs out, he can however view the pages by using browser's 'back' button, although they cannot interact with it i.e any link is forbidden. I want them not to be able to even view those pages after they logged out.
That non-caching code is useful in its way, but if your application isn't coded to keep track of logged-in users properly then it doesn't answer Ashish's question.
The way to keep track of logged-in users is to keep a special "user" object in their session. This would contain whatever information the application needs to know about the user (e.g. the user's name so it can say "Hello Ashish").
When the user logs in, the login servlet creates a user object and adds it to the session. When the user logs out, the logout servlet removes that object from the session. Then at any time if you want to know if the user is logged in, you simply look in the session for that object. Not there? Not logged in. In this case it doesn't matter how the request is generated, in particular it doesn't make any difference whether the back-button was involved.
Just testing the existence of a session isn't going to work reliably.