I have an API that can be called either using a browser where requests are transactional and have a session OR directly, e.g. using curl, where requests are atomic. Browser reque
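You can always just catch the response headers event and remove the 'set-cookie' header:

    app.use(function(req, res, next) {
      // Runs when the response headers are about to be sent.
      res.on('header', function () {
        // Requests that carry an Authorization header do not get a session cookie.
        if (req.headers.authorization) {
          delete res._headers['set-cookie'];
        }
      });
      next();
    });
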
You can technically put this anywhere in your middleware chain.
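
The same idea without the `header` event or the private `res._headers` field, as an added example that is not part of the original answer: it wraps `res.writeHead` so the cookie is removed wherever the middleware sits in the chain. The names `noSessionCookieForTokenClients`, `fakeResponse` and `simulate` and the sample header values are assumptions constructed for illustration.

```javascript
// Added example. Assumes a Connect/Express-style (req, res, next) chain and uses
// only the public removeHeader()/writeHead() methods of Node's response object.
function noSessionCookieForTokenClients(req, res, next) {
  if (!req.headers.authorization) return next(); // browser flow keeps its cookie

  const writeHead = res.writeHead;
  res.writeHead = function (statusCode, ...rest) {
    // Drop cookies queued earlier with setHeader(), e.g. by session middleware.
    res.removeHeader('Set-Cookie');
    // Drop cookies passed as a headers object: writeHead(status[, message], headers).
    const last = rest[rest.length - 1];
    if (last && typeof last === 'object' && !Array.isArray(last)) {
      rest[rest.length - 1] = Object.fromEntries(
        Object.entries(last).filter(([name]) => name.toLowerCase() !== 'set-cookie'));
    }
    return writeHead.apply(this, [statusCode, ...rest]);
  };
  next();
}

// Constructed stand-in for http.ServerResponse so the example runs offline.
function fakeResponse() {
  const headers = {};
  return {
    sent: null,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    removeHeader(name) { delete headers[name.toLowerCase()]; },
    writeHead(status, extra = {}) {
      this.sent = { ...headers };
      for (const [k, v] of Object.entries(extra)) this.sent[k.toLowerCase()] = v;
      return this;
    },
  };
}

// Runs one request through the middleware; the callback plays the role of session
// middleware plus route handler, setting its cookie after our middleware has run.
function simulate(requestHeaders, directHeaders = {}) {
  const res = fakeResponse();
  noSessionCookieForTokenClients({ headers: requestHeaders }, res, () => {
    res.setHeader('Set-Cookie', 'connect.sid=constructed-value; HttpOnly');
    res.writeHead(200, { 'Content-Type': 'application/json', ...directHeaders });
  });
  return res.sent; // headers that would go out on the wire
}

console.log(simulate({ authorization: 'Bearer constructed-token' }));
console.log(simulate({}));
```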