My code makes extensive use of sessions for things like the logged in user. I have added a stateless API that authenticates on each request, but it uses underlying code that sets session data. In the stateless case, the session is populated on each request. I don''t want it persisted. Is there a way to prevent the session cookie from being set, or do I need to go through and find all of the instances where the session is accessed?