I have an application which has both web and API, but I need to disable cookies/sessions for the API controller, because Devise authenticates the user from the session, but I need to authenticate the user only from data provided in the request. I found a suggested solution,
before_action -> { request.session_options[:skip] = true }
for API controllers, but this didn't work; it seems like this hook only works for new sessions and does not skip existing ones. I use Rails 4 and the Devise gem for authentication. I also found a solution to disable cookies/sessions in config/application.rb
but I don't need to disable sessions for the whole application, only for API controllers.
Solution
According to an answer to the question "Disable Cookies in Rails 3.x app", I solved it by adding
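# Runs after every action in this controller
after_filter :skip_set_cookies_header

# Resets the request's session options once the action has finished
def skip_set_cookies_header
  request.session_options = {}
end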
to my API controller.
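The same goal enforced one layer lower, as an added example that is not part of the original post: a Rack-style middleware that discards the inbound cookie for API paths, so an existing browser session is never loaded, and strips outbound `Set-Cookie` headers. The class name `StatelessApi`, the `/api` prefix, the demo app and its token are assumptions made for illustration.

```ruby
# Added example, not the poster's code. Pure Ruby: a Rack app is any object
# that responds to call(env) and returns [status, headers, body].
class StatelessApi
  def initialize(app, prefix: '/api')
    @app = app
    @prefix = prefix # assumed mount point of the API controllers
  end

  # Match "/api" and "/api/..." but not look-alikes such as "/apiary".
  def api_path?(path)
    path == @prefix || path.start_with?("#{@prefix}/")
  end

  def call(env)
    return @app.call(env) unless api_path?(env['PATH_INFO'].to_s)

    # Drop the inbound cookie so a session that already exists in the
    # browser can never authenticate an API call.
    env.delete('HTTP_COOKIE')
    status, headers, body = @app.call(env)
    # Drop outbound cookies too; the header name's case varies by Rack version.
    headers = headers.reject { |name, _| name.to_s.casecmp?('set-cookie') }
    [status, headers, body]
  end
end

# Constructed downstream app standing in for session plus token authentication:
# it trusts a session cookie when it sees one, otherwise a bearer token.
DEMO_APP = lambda do |env|
  user = if env['HTTP_COOKIE'].to_s.include?('_session=alice')
           'alice (session)'
         elsif env['HTTP_AUTHORIZATION'] == 'Bearer constructed-token'
           'bob (token)'
         end
  [user ? 200 : 401, { 'Set-Cookie' => '_session=refreshed' }, [user.to_s]]
end

# Helper for trying requests against the wrapped demo app.
def demo_request(path, headers = {})
  StatelessApi.new(DEMO_APP).call({ 'PATH_INFO' => path }.merge(headers))
end
```

In a Rails application a middleware like this has to sit ahead of the cookie and session middleware to have any effect, for example via `config.middleware.insert_before ActionDispatch::Cookies, StatelessApi`; that placement is an assumption about the app's stack.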