Forums » Privacy Browser Android Forum »
Cookies not deleted
Added by j ojo over 2 years ago
When I login to a website, delete cookies and clear the browsers cache afterwards, I expect the browser to fully forget the activity. That be, not logged in anymore.
But I'm still logged in! Only clearing the cache of Android Webview erases cookies/logs me out.
How come not all traces of my online activity are erased when I close the PRIVACY browser? What's the use of 'privacy browser' when the backdoor (android Webview) is wide open? Is it a setting I missed?
Any suggestions?
Replies (2)
Service Workers - Added by Soren Stoutner over 2 years ago
It sounds to me like you have discovered the horrible world of service workers and why they are such a bad idea.
https://en.wikipedia.org/wiki/Progressive_web_application#Service_workers
https://developer.mozilla.org/en-US/docs/Web/API/Service_Worker_API
https://developer.chrome.com/docs/workbox/service-worker-overview/
Service workers have their own cache (that is a core aspect of their entire existence) that is separate from the main WebView cache. They can keep you logged in when all cookies and the normal WebView cache are cleared.
That is why, when you run Clear and Exit with the default settings, the entire `app_webview` directory is deleted, which contains all the service worker information. See the following bug report for a little bit of background.
https://redmine.stoutner.com/issues/84
With Privacy Browser PC I have been able to mitigate this by using an off-the-record profile, but I am not aware of a way to do that with Android's System WebView.
https://doc.qt.io/qt-5/qwebengineprofile.html#QWebEngineProfile
Currently the Service Worker directory is deleted after each webpage finishes loading if Incognito Mode is enabled. I haven't made this the default as I am unsure what the effects of this would be on websites that depend on service workers (it is possible they might work with a copy in RAM, but I have not done a lot of testing). Do you still have this problem when you enable Incognito Mode?
RE: Cookies not deleted - Added by Soren Stoutner over 2 years ago
I am going to test out deleting the Service Worker directory after every page load.