I am building stateless restfull API in Yii2. So I created new APP in my advanced app layout (as preferred by Yii2 creators) and configure all necessary things and API worked.

Now I want to make it stateless - I want to disable session and I want it to be accomplished in config/main.php inside my API app to ensure it as global setting.

Also I want to disable cookies and auto login.

What I have been playing now so far is inside Module class

<?php
namespace api\modules\v1;

use \app\models\User;
use yii\filters\auth\HttpBasicAuth;

class Module extends \yii\base\Module
{
    ...
    public function init()
    {
        parent::init();        
        \Yii::$app->user->enableSession = false;
        \Yii::$app->user->enableAutoLogin = false;
      }
    ...
}

But when trying to access data using POSTMAN on Chrome I can see that:

• Cookies are set (PHPSESSID, _csrf, _identity)
• I always get popup asking for username and password

Thanks for your help in advance!

Finally I found out what the problem is. Yii2 worked OK, but Postman had some data stored from the past when cookies and session were enabled. What helped me was deleting browser's history (including cookies), close all instances of browser and rerun.