Here is an option that requires your web application to use the POST-REDIRECT-GET pattern, which is implemented in many web frameworks like Spring Web Flow.
In such a context, the back click after session expiration means the browser sends a new GET request and your server code receives it with a fresh new HttpSession. You can detect that situation thanks to a session attribute your wizard initiates at the first page: if the GET request is not for the first page and the session does not contain that attribute, it means the session has been lost either by logout or expiration timeout. So you can display a custom page to alert the user he lost his job and direct him to the first page of your wizard.
With the POST-REDIRECT-GET pattern, there is no chance the browser's back button displays the previous form with the latest input without sending the new GET request I mentioned.
By the way, if you design a lot of such wizards, I recommend using Spring Web Flow, which only consists of controller servlets, so you can use any view technology.
Alternative: it is possible to avoid data loss thanks to custom persistent cookies that store (in clear or encoded) all information provided by the user during the wizard after each submission to the server. In that case, even session attributes are useless. But it may be complex to achieve because of many constraints like maximum cookie length, the number of cookies or maximum HTTP header line as all cookies are sent on a single line...
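
The session-marker check described in the answer above, sketched as a servlet filter. This is an added example, not code from the original answer; it assumes the Jakarta Servlet API, and the URL paths and attribute name are hypothetical. It also applies the same check to non-GET requests, which goes slightly beyond the GET case the answer describes.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;

// Hypothetical layout: the wizard lives under /wizard/ and step1 is its first page.
@WebFilter("/wizard/*")
public class WizardSessionFilter extends HttpFilter {

    static final String MARKER = "wizard.started";          // assumed attribute name
    static final String FIRST_PAGE = "/wizard/step1";       // assumed path
    static final String LOST_PAGE = "/wizard/session-lost"; // assumed path

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Path relative to the application, e.g. "/wizard/step2".
        String path = req.getRequestURI().substring(req.getContextPath().length());

        if (path.equals(FIRST_PAGE)) {
            // Entering the wizard: create the session if needed and set the marker.
            req.getSession(true).setAttribute(MARKER, Boolean.TRUE);
            chain.doFilter(req, res);
            return;
        }
        if (path.equals(LOST_PAGE)) {
            // The notice page must stay reachable without a marker.
            chain.doFilter(req, res);
            return;
        }

        // getSession(false) never creates a session, so an expired or logged-out
        // user appears as null here; a fresh session simply lacks the marker.
        HttpSession session = req.getSession(false);
        boolean started = session != null && session.getAttribute(MARKER) != null;

        if (!started) {
            // Session lost by logout or timeout: show the notice, which links to step 1.
            res.sendRedirect(req.getContextPath() + LOST_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }
}
```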