I happen to notice that when I make a request to my API (written in Laravel framework), there is Set-Cookie:
Set-Cookie: laravel_session=eyJpdiI6IlF5SDNLeGlRRTBFSlVJbXROSEZMWlE9PSIsInZhbHVlIjoiRlZXWVJrZERJN0tPRDU1TG40MGpJeURDQjRncUFYWGk4MjRBeFhMVHc3S2w5aW8yRFc1TCt4UWUzTEJnMTRpNkpYYkV6bnZ6Yk85RWF0MGIxaVhXYkE9PSIsIm1hYyI6ImRmNTc0MzRkZGM1ZDg0YWZkMWZjZThjOGI4Y2FlNTI2NjRhN2JjOGU0OTVkMWEwNTMwYTNlZmYxY2Y2ODNiMzkifQ%3D%3D; expires=Fri, 09-Jan-2015 20:49:47 GMT; Max-Age=7200; path=/; httponly
How can I get rid of it or block my Laravel API to not use it? It is possible can add a script in that laravel_session value.
Also, how do I avoid my app to consume the cookie set by the request?
You can disable session cookies for the whole application by changing the session driver to array
In app/config/session.php:
'driver' => 'array'