使 Android WebView 不存储 cookie 或密码 [英] Make Android WebView not store cookies or passwords

问题描述

我使用 Android WebView for TwitterOAuth:Twitter 要求用户登录并授权应用程序，我检索访问令牌并将其保存在我的应用程序中.

I use an Android WebView for Twitter OAuth: Twitter asks the user to log in and authorize the application, I retrieve the access token and persist it in my application.

我不需要(也不)存储用户密码，但 WebView 会保留 Twitter 的 cookie，并且还会询问用户是否希望它记住密码.因此，即使在通过他的 Twitter 帐户页面取消对应用程序的授权，并且我的应用程序破坏了访问令牌，下次打开 WebView 时，它可能仍处于登录状态，即使没有，它也有密码框已经填好了.

I have no need (and do not) store the user password, but the WebView keeps Twitter's cookies around, and it also asks the user if he wants it to remember the password. As a result of this, even after the de-authorizes the application via his Twitter account page, and my application destroys the access tokens, the next time the WebView is opened, it is probably still logged in, and even if not, it has the password box already filled.

如何强制 WebView 不要求记住密码，也不保留会话 cookie?如果这是不可能的，我是否可以删除其所有存储状态(可能除了图像缓存)?

How can I force WebView to not ask to remember passwords, and to not persist session cookies? If that is not possible, can I delete all its stored state (except maybe the image cache)?

推荐答案

您可以使用它来防止 cookie 被存储并清理已经存储的 cookie:

You can use this to prevent cookies from being stored and clean cookies already stored:

CookieSyncManager.createInstance(this);
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.removeAllCookies(callback);
cookieManager.setAcceptCookie(false);

WebView webview = new WebView(this);
WebSettings ws = webview.getSettings();
ws.setSaveFormData(false);
ws.setSavePassword(false); // Not needed for API level 18 or greater (deprecated)

这篇关于使 Android WebView 不存储 cookie 或密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！