Make Android WebView not store cookies or passwords

Question

I use an Android WebView for Twitter OAuth: Twitter asks the user to log in and authorize the application, I retrieve the access token and persist it in my application.

Answer 1

Don't clear cookies beacause it will effect other sessions like facebook etc.. stored inside the cookie so try to follow this method

Before oauth transaction such as before the webview creation

CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(false);

After oauth transaction let accept cookie by setting

cookieManager.setAcceptCookie(true);

it will work i have tested it..

Answer 2

I have used following solution:

CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(false);

Following method does not worked for me:

CookieManager cookieManager = CookieManager.getInstance();
cookieManager.removeAllCookie();

A possible reason may be that we have not synced the cookies as following:

CookieSyncManager.createInstance(getContext()).sync();

But it may be taking time.

Forcing WebView to not ask to remember passwords will also not work.

And it is also not good for usability.

Answer 3

For not saving passwords:

WebView webview = new WebView(this);
WebSettings mWebSettings = webview.getSettings();
mWebSettings.setSavePassword(false);
mWebSettings.setSaveFormData(false);

For cookies:

CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(false);

I am not very sure for the cookies implementation.

Answer 4

In one line, Try this. I think this should be called after starting the webview.

android.webkit.CookieManager.getInstance().removeAllCookie();

Answer 5

You can use this to prevent cookies from being stored and clean cookies already stored:

CookieSyncManager.createInstance(this);
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.removeAllCookies(callback);
cookieManager.setAcceptCookie(false);

WebView webview = new WebView(this);
WebSettings ws = webview.getSettings();
ws.setSaveFormData(false);
ws.setSavePassword(false); // Not needed for API level 18 or greater (deprecated)

Answer 6

This is the best answer I have seen in this context

    webView.clearCache(true);
    webView.clearHistory();
    WebSettings webSettings = webView.getSettings();
    webSettings.setSaveFormData(false);
    webSettings.setSavePassword(false); // Not needed for API level 18 or greater (deprecated)

    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP_MR1) {
        CookieManager.getInstance().removeAllCookies(null);
        CookieManager.getInstance().flush();
    } else {
        CookieSyncManager cookieSyncMngr = CookieSyncManager.createInstance(this);
        cookieSyncMngr.startSync();
        CookieManager cookieManager = CookieManager.getInstance();
        cookieManager.removeAllCookie();
        cookieManager.removeSessionCookie();
        cookieSyncMngr.stopSync();
        cookieSyncMngr.sync();
    }