Fully disable cookies in Laravel 4 API

Question

I am using Laravel to build a RESTful API. I use Basic HTTP Auth (Authenticate header), with this filter:

Route::filter('auth', function()
{
    $credentials = ['email' => Request::getUser(), 'password' => Request::getPassword()];

    if (!Auth::once($credentials)) {
        $response   = ['error' => true, 'message' => 'Unauthorized request'];
        $code       = 401;
        $headers    = ['WWW-Authenticate' => 'Basic'];

        return Response::json($response, $code, $headers);
    }
});

It works, but Laravel then tries to set a cookie for the user (sending a Set-Cookie header). I tried setting the session.driver configuration key to array, only to see it now sends a Set-Cookie: laravel_session=deleted thingy.

How can i fully disable this Set-Cookie header?

Thank you.

Answer 1

Try this - dirty, but works for me.
The example is for a single route, can be modified to manage route prefix and so on.
First, create a directory inside app/config for a specific environment, let's say stateless.
Then, place a session.php file inside app/config/stateless, with code like below:

<?php
return array(
    'driver' => 'array'
);

Finally, modify the detectEnvironment part in bootstrap/start.php:

$env = $app->detectEnvironment(function()
{
    if ($_SERVER['REQUEST_URI'] == '/your/route') return 'stateless';
});

Answer 2

you need to create your filter like follws in laravel 4, 4.2

Route::filter('no.session.cookie', function()
{
    Config::set('session.driver', 'array');
    Config::set('cookie.driver', 'array');
});

In laravel 5, 5.1 set middleware handle() like follows

public function handle($request, Closure $next){
  \Config::set('session.driver', 'array');
  \Config::set('cookie.driver', 'array');
 return $next($request);
}