For most high-security (banking, taxes, etc.) applications I've run into online, I've seen three methods of handling it:
You always have to log in to an account (or create one) to access the application, then...
1. If you try to use the back button, or any browser navigation controls, you are informed that such-and-something has expired and you have to start all over again... (eliminates unauthorized accesses caused by folks who forget to log out at the end of a session). All "next" and "back" naivgation functions are presented in the browser window, and appear to be handled by the program itself.
2. Browser navigation works fine for any page up to, but not including, the login/registration page. You have to log out to end your session (or close the browser window).
However, as far as "standards" go, I don't know that there are any... IMO, method #1 above may be aggravating from time-to-time, but it seems more secure.