I have an app using forms authentication. I use Formsauthentication.signout in logoff action with Session.Abandon and Session.Clear. If I hit the back button and go all the way back to the login page, the username and password are still in the fields. And I can hit submit and it reauthenticates. The only way around this that guarantees the clearing of these fields is to redirect to the login action instead of the home page. I verified this behavior with a default visual studio project with individual accounts. Am I missing something? Is there a way to log a user off and redirect to home page, but have the login fields cleared? From what I am reading there isn't much to do except tell the user to close the browser window is the only guaranteed way of the page not being accessible.