android, android-webview

Android webview not able to keep session of Microsoft SSO login if app opened after some hours


I have got an app which is already developed by some other developer and I am now supporting it.

The app is basically a wrapper for a website; it handles PDF and image downloads and also handles mailto etc.

Now to describe the issue. The user clicks on the login button, we load a specific URL using the WebView, and the website redirects to the Microsoft SSO login, where the user logs in with credentials and is navigated to the homepage. Now even if the user closes the application and opens it again, launching the same URL takes the user to the homepage without needing to log in again.

But if the user opens the app after a long time, say after 7-8 hours, launching the same URL takes the user to the internal login page of the website rather than the homepage. The user needs to click back and the login button again 2-3 times, and then the homepage gets loaded.

Code:

            myWebView.setWebViewClient(new MyBrowser());
            myWebView.getSettings().setJavaScriptEnabled(true);
            myWebView.getSettings().setAllowFileAccess(true);
            myWebView.isPrivateBrowsingEnabled();
            myWebView.getSettings().setAllowContentAccess(true);
            myWebView.getSettings().setDatabaseEnabled(true);
            myWebView.getSettings().setLoadWithOverviewMode(true);
            myWebView.getSettings().setLoadsImagesAutomatically(true);
            myWebView.getSettings().setJavaScriptCanOpenWindowsAutomatically(true);
            myWebView.getSettings().setDomStorageEnabled(true);

            myWebView.getSettings().setRenderPriority(WebSettings.RenderPriority.HIGH);
            
            myWebView.getSettings().setSavePassword(true);
            myWebView.getSettings().setSaveFormData(true);
            myWebView.getSettings().setPluginState(WebSettings.PluginState.ON);
            myWebView.getSettings().setAllowFileAccessFromFileURLs(true);
            myWebView.getSettings().setAllowUniversalAccessFromFileURLs(true);
            myWebView.getSettings().setSupportMultipleWindows(true);

            myWebView.getSettings().setMixedContentMode(0);
            myWebView.setLayerType(View.LAYER_TYPE_HARDWARE, null);
            CookieManager.getInstance().setAcceptCookie(true);

Some solutions tried already:

  1. Getting the cookie in the onfinished method once login is successful, saving it to shared preferences, and setting it again on the cookie manager before launching the URL.
  2. Clearing the cache before launching the WebView.
  3. Setting the cache mode for the WebView to no cache.
  4. Contacted Microsoft support, but they are not getting any log when the internal login page is shown; after retries, when it gets successful, they get the log.

We have used the same approach in iOS too, but there we are not facing a similar issue.

Please help me if you have any input regarding this.

Let me know if any more details or context need to be added so that I can provide you guys with more info.

Thanks


Solution

  • WebView cookies are session-based unless explicitly persisted. Unlike iOS (which handles this better via shared cookie stores), Android WebView's CookieManager is notoriously flaky over long idle durations.

    SSO Token Expiry + Incorrect Routing

    If session tokens expire (like Azure AD cookies or tokens), and the app tries to reuse an expired session, Microsoft may send an auth challenge, and your app ends up on an unexpected fallback login page.

    1. Don't Clear Cache Unless Absolutely Necessary

    You're currently doing this:

    "Clearing cache before launching WebView"

    That may be wiping auth tokens or storage, so only clear it on logout or if the session is compromised.

    2. Enable Cookie Persistence Across Sessions

    CookieManager cookieManager = CookieManager.getInstance();
    cookieManager.setAcceptCookie(true);
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
        cookieManager.setAcceptThirdPartyCookies(myWebView, true);
    }
    WebView.setWebContentsDebuggingEnabled(true); // For dev debugging only
    

    And this is key:

    CookieManager.getInstance().flush(); // Persist to disk immediately
    

    You could use WebStorage.getInstance().deleteAllData() when debugging cache issues.

    Also, can you please check the redirect chains by adding the code below?

    @Override
    public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
        Log.d("Redirect", "URL: " + request.getUrl());
        return false;
    }
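
Added example, not code from the question or the answer: one way to place the `flush()` call the answer describes (after each page load and in `onPause()`), next to a tighter version of the question's WebSettings. It assumes minSdk 24, a site served only over HTTPS, and no `file://` pages loaded in the WebView; the class name and start URL are placeholders.

```java
import android.app.Activity;
import android.net.Uri;
import android.os.Bundle;
import android.util.Log;
import android.webkit.*;

public class SsoWebViewActivity extends Activity {        // hypothetical class name
    private WebView myWebView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        myWebView = new WebView(this);
        setContentView(myWebView);

        WebSettings s = myWebView.getSettings();
        s.setJavaScriptEnabled(true);                      // the login pages need JavaScript
        s.setDomStorageEnabled(true);                      // and DOM storage
        s.setAllowFileAccess(false);                       // assumption: no file:// content is shown
        s.setAllowFileAccessFromFileURLs(false);           // question had true
        s.setAllowUniversalAccessFromFileURLs(false);      // question had true
        // The question's setMixedContentMode(0) is MIXED_CONTENT_ALWAYS_ALLOW.
        s.setMixedContentMode(WebSettings.MIXED_CONTENT_NEVER_ALLOW);

        CookieManager cm = CookieManager.getInstance();
        cm.setAcceptCookie(true);
        cm.setAcceptThirdPartyCookies(myWebView, true);    // as in the answer

        myWebView.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
                Uri u = request.getUrl();
                // Log host and path only: sign-in redirects can carry codes or tokens in the query.
                Log.d("Redirect", u.getHost() + u.getPath());
                return false;                              // let the WebView follow the redirect
            }
            @Override
            public void onPageFinished(WebView view, String url) {
                CookieManager.getInstance().flush();       // write cookies from this navigation to disk
            }
        });
        myWebView.loadUrl("https://app.example.com/");     // placeholder start URL
    }

    @Override
    protected void onPause() {
        super.onPause();
        CookieManager.getInstance().flush();               // write cookies when the app leaves the foreground
    }
}
```

`flush()` only writes what the cookie store currently holds; cookies that the server has already expired are not extended by it.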