Lifecycle of a session cookie in an Android WebView / CookieSyncManager

Question

I have an Android application which makes requests to my webserver via both a WebView and an HttpClient. I sync cookies between the two using a CookieSyncManager. So far, so goo

Answer 1

I received a response directly from a Google engineer, who confirmed my suspicions:

You are correct, session cookies do not expire automatically in the lifecycle of a WebView. If you are seeing issues with this, you can always clear all of your cookies or overwrite your session cookies explicitly with an empty value.

The code you have suggested looks like a good workaround, just be aware that cookie synchronisation using a CookieSyncManager is not synchronous - the startSync(), stopSync() and sync() commands are executed asynchronously in a background thread.

TL;DR - session cookies do not expire when a WebView closes, you'll have to manage that yourself.