Bug description:
I am implementing an OAuth2 flow for users and upon re-loading the react-native-webview with the login url after logging out on iOS devices the authorization form is displayed as it should be however incorrectly on Android devices users are taken straight into the application as if already logged in as if the Auth cookie is present. I have all the props I can see as relevant set below but still no luck.
cacheEnabled={false}
incognito={true}
thirdPartyCookiesEnabled={false}
sharedCookiesEnabled={false}
domStorageEnabled={false}
To Reproduce:
Set the source to any url which requires Auth and sets cookies such as Facebook.com. login and then reload the bundle. On iOS devices you are shown the login form, on Android devices you are logged in already.
Expected behavior:
Cookies should not be set and url should ask for authentication
Environment:
- react-native-webview version: 5.9.1 (6.2.2 not compatible with RN Gesture Handler)
info
React Native Environment Info:
System:
OS: macOS 10.14.4
CPU: (4) x64 Intel(R) Core(TM) i7-4578U CPU @ 3.00GHz
Memory: 26.05 MB / 16.00 GB
Shell: 3.2.57 – /bin/bash
Binaries:
Node: 8.15.0 – /usr/local/opt/node@8/bin/node
npm: 6.4.1 – /usr/local/opt/node@8/bin/npm
Watchman: 4.9.0 – /usr/local/bin/watchman
SDKs:
iOS SDK:
Platforms: iOS 12.2, macOS 10.14, tvOS 12.2, watchOS 5.2
Android SDK:
API Levels: 23, 26, 27, 28
Build Tools: 23.0.1, 26.0.2, 26.0.3, 27.0.3, 28.0.2, 28.0.3
System Images: android-26 | Google APIs Intel x86 Atom_64, android-28 | Google APIs Intel x86 Atom
IDEs:
Android Studio: 3.3 AI-182.5107.16.33.5264788
Xcode: 10.2.1/10E1001 – /usr/bin/xcodebuild
npmPackages:
react: 16.8.3 => 16.8.3
react-native: 0.59.1 => 0.59.1
npmGlobalPackages:
create-react-native-app: 2.0.2
react-native-git-upgrade: 0.2.7
i don’t want incognito because the app needs to store various cookies to function. the problem is that android does not delete cookies in one particular scenario even though it has been instructed to do so.