Tags: android, session, webview, android-cookiemanager

How to clean up the session created in a WebView?


I have a WebView instance which allows the user to authenticate and get access to some parts of the functionality provided by the web app. Once the user has finished their work with the WebView, we need to clean up the session for security purposes.

What's strange, the next time I open a screen with WebView, the session is still alive and I can proceed where I left off, despite my attempts to clean up the session.

Things I tried to do (I actually ran the debugger to make sure these methods are called):

    webView.clearCache(true)
    webView.clearFormData()
    webView.clearHistory()
    webView.clearSslPreferences()
    webView.clearMatches()

    CookieManager.getInstance().removeAllCookies {
        CookieManager.getInstance().flush()
    }

The reason I'm calling flush() in the removeAllCookies() callback is that the removeAllCookies() method is async, so I was thinking that maybe it takes some time to sync the state of the in-memory cookie storage with persistent storage, but this does not help.

I don't do anything fancy with CookieManager, it's a default one provided by OS (Android 9.0 installed on Pixel 2 XL). Is there anything I'm missing?


Solution

  • OK, it turns out the session was stored in local storage, so all you need to do is:

    WebStorage.getInstance().deleteAllData()
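
Added example, not part of the original question or answer: a single cleanup routine that combines the calls from the question with the WebStorage call from the answer, so a session is wiped whether the web app keeps it in cookies or in JavaScript storage. The function name `clearWebViewSession` and its `onDone` callback are hypothetical; it assumes it is called on the main thread, as WebView methods require.

```kotlin
import android.content.Context
import android.webkit.CookieManager
import android.webkit.WebStorage
import android.webkit.WebView
import android.webkit.WebViewDatabase

/**
 * Hypothetical helper (not from the original post): clears each place a web
 * session can persist for this app's WebViews, then reports completion.
 * Must be called on the main (UI) thread.
 */
fun clearWebViewSession(
    context: Context,
    webView: WebView,
    onDone: (anyCookieRemoved: Boolean) -> Unit
) {
    // Navigate away from the authenticated page before wiping its state.
    webView.stopLoading()
    webView.loadUrl("about:blank")

    // Per-WebView state: the calls already tried in the question.
    webView.clearCache(true)        // true = also delete on-disk cache files
    webView.clearFormData()
    webView.clearHistory()
    webView.clearSslPreferences()
    webView.clearMatches()

    // JavaScript storage APIs (localStorage and friends). This store is
    // shared by every WebView in the app and is where the session lived
    // in the case described above.
    WebStorage.getInstance().deleteAllData()

    // Saved HTTP authentication credentials, if the site uses them.
    WebViewDatabase.getInstance(context).clearHttpAuthUsernamePassword()

    // Cookie removal is asynchronous: persist the result only once the
    // callback fires, then tell the caller it is safe to continue.
    val cookieManager = CookieManager.getInstance()
    cookieManager.removeAllCookies { anyRemoved ->
        cookieManager.flush()
        onDone(anyRemoved)
    }
}
```

Both the cookie store and WebStorage are app-wide, so this also logs out any other WebView in the same app.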