On the back-end (in the admin area), you can set password protection on a per page basis. Go here to learn about that.
Next, the filter to which you refer is the correct one. Simply return when it is to expire in relation to right now.
add_filter('post_password_expires', function($time) {
return time() + 1; // NOW + 1 second
});
As for the hitting the back button, you are getting a cached page that has been stored on your local machine. To get around this, you need to tell the local computer to ditch the old page and retrieve it off the server. A discussion on this has already been had. But, you still need to figure out where in the WordPress process you want to enter (hook into). Depending on how you output the headers, you can use the wp_head hook to output via HTML or the init hook to use the header() method. Shoot, you could even use the wp_headers hook and just return a whole array of them.
After you do this, you’ll have to clear your local machine’s cache so that you retrive a newly generated page with the new header information from the server (and don’t use your old page on your local machine). Happy coding!