Android WebView clear Basic Authentication Credentials

Question

I've made an app that authenticates with a server using basic authentication. However I cannot clear out the credentials so this means I have two unresolved issues:

• The user cannot logout without exiting the program
• If the user enters in the credentials wrong they have to exit and re-enter the program

I've tried numerous different implementations of my own, and many recommended on this website. I've camped out #android-dev on freenode to no avail. So this is my last option.

Here is my example code for the WebView (I've taken out some stuff, but the primary code is essentially the same):

    wv = new WebView(getBaseContext());
    wv.setWebViewClient(new WebViewClient() {
        boolean error = false;
        int count = 0;
        int checked = 0;

        @Override
        public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm) {
            count++;
            if (count >= 3) {
                Toast.makeText(getBaseContext(), "Login Failed. Please Try Again.", Toast.LENGTH_LONG).show();

            } else {
                handler.proceed(getUser(), getPass());
            }// end else
        }// end onReceivedHttpAuthRequest


        @Override
        public void onPageStarted(WebView view, String url, Bitmap favicon) {

        }// onPageStarted

        // on success switch activities
        @Override
        public void onPageFinished(WebView view, String url) {

            if (view.getTitle().equalsIgnoreCase("fooTitle")) {

                // switch activities
                Intent fooActivity = new Intent(getBaseContext(), fooActivity.class);
                startActivity(fooActivity);
            } else {
                //failed
            }// end else
        }// end onPageFinished
    });// end setWebViewCleint

    wv.getSettings().setJavaScriptEnabled(true);
    wv.loadUrl(url);

Only the first time I run it does it run onReceivedHttpAuthRequest. If I logout and log back in it will run onPageStarted and then onPageFinished with previous credentials. So if I logout and enter in a new user, I log back in with the original user. Or if I enter in a wrong username and password it will just hang on OnPageStarted. I've tried using onReceivedError and the http error one as well to no benefit.

Here is some of the code I've tried to deauth with my logout() method and all over in other parts of the code as well. I've tried many different variations of this as well:

    wv.clearCache(true);
    wv.setHttpAuthUsernamePassword(host, realm, "","");
    clearCacheFolder(this.getCacheDir());
    clearCacheFolder(this.getExternalCacheDir());
    this.getBaseContext().deleteDatabase("webview.db");
    this.getBaseContext().deleteDatabase("webviewCache.db");
    WebViewDatabase.getInstance(getBaseContext()).clearHttpAuthUsernamePassword();
    WebViewDatabase.getInstance(getBaseContext()).clearUsernamePassword();
    WebViewDatabase.getInstance(getBaseContext()).clearFormData();
    WebStorage.getInstance().deleteAllData();
    wv.setHttpAuthUsernamePassword(host, realm,
    username, password);

The ClearCacheFolder refers to the method markjan posted here: Android Webview - Completely Clear the Cache

Answer 1

@Override
public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm) {
    count++;
    if (count >= 3) {
    handler.cancel();// after adding this line of code my
                     //problem is solved. Hope it will for you too.

    Toast.makeText(getBaseContext(), "Login Failed. Please Try Again.", Toast.LENGTH_LONG).show();

    } else {
        handler.proceed(getUser(), getPass());
        }// end else
    }

Answer 2

Try this:

    CookieSyncManager.createInstance(this);
    CookieManager cookieManager = CookieManager.getInstance();
    cookieManager.removeAllCookie();

I used this in VKontakte Login Activity to clear saved username/password in webview.