Android webview cookies and form data

I was doing some research on clearing cookies on the Android webview (version 2 and version 4) and noticed that clearing the cookies alone was not enough to get rid of the form data. Given below are some findings so that anyone looking can see the results without repeating the experimentation...

CookieManager.getInstance().removeAllCookie();

Android version 2

Before calling - CookieManager.getInstance().removeAllCookie()

Cookies table – webview.db

Cache table – webviewCache.db

After calling  - CookieManager.getInstance().removeAllCookie()

Cookies table – webview.db

Cache table – webviewCache.db

As seen above the cookies table data are deleted but not the cache table data.

Android version 4

Before calling - CookieManager.getInstance().removeAllCookie()

Cookies table – webview.db

This is no longer used to store data.

Cookies table – webviewCookiesChromuim.db

There is another DB called webviewCookiesChromuimPrivate.db which I did not see data being populated to (maybe because I was not using private browsing as seen below).

A quote from another website:

"what is peculiar is that the “webview.db” file still contains the legacy “cookies” table, however in testing this was never populated. Instead, a new database named “webviewCookiesChromium.db” is used to store cookie data.

“webviewCookiesChromiumPrivate.db”. This database contains cookies transmitted while an “Incognito Tab” (the private browsing feature) is being used. The structure is identical to the other database; however, when the incognito tab is closed the file is truncated to 0 bytes.* " (http://digitalinvestigation.wordpress.com/2011/12/02/android-ice-cream-sandwich-browser-cookies-and-other-artefacts/)

After calling  - CookieManager.getInstance().removeAllCookie()

Cookies table – webview.db

Well there was no data to begin with there so lets move on...

Cookies table – webviewCookiesChromuim.db

The cookies table data was deleted.

However if we log in or save a form, that data is not cleared by simple clearing the cookies:

as seen below, those are in different tables:

So basically I think it is a good practice to delete the form data as well when deleting the cookies. code snippet to do that: 

  WebViewDatabase webViewDatabase =WebViewDatabase.getInstance(context);

        webViewDatabase.clearHttpAuthUsernamePassword();

        webViewDatabase.clearUsernamePassword();

        webViewDatabase.clearFormData();

This code removes the data shown in the screenshot above.

There is also a method which can be used to clear the cache, even though it is a webview instance method it removes the cache for all the webviews in your application. More information at: http://developer.android.com/reference/android/webkit/WebView.html#clearCache(boolean) 

Hope this helps. This was done using DDMS to pull the DB and then opening them in SQLlite manager of FireFox. 

- May all beings be well and happy.