Hi, I want to create a basic stateless site and I want to disable
all sessions and cookies. I made a litle research and I added next 4 settings in beforeAction.

public function beforeAction($action) {

     $this->enableCsrfValidation = false;
     Yii::$app->request->enableCsrfCookie = false;
     Yii::$app->user->enableSession = false;
     Yii::$app->user->enableAutoLogin = false;

The problem is that PHPSESSID cookie is still created.

You need to prevent session_start() calls overall and ensure that autostart isn’t enabled in your php.ini.

1 Like