I'd like to disable (remove) "Cookie" header when responding as json. Actually I could set Config::set('session.driver', 'array') on filter with Laravel 4.2.

If I did in L5 (version 5.0.5), I got following error at log file.

[YYYY-MM-DD ..:..:..] local.ERROR: exception 'ErrorException' with message 'Undefined index: _sf2_meta' in /foo/bar/vendor/laravel/framework/src/Illuminate/Session/Store.php:280
Stack trace:
#0 /foo/bar/vendor/laravel/framework/src/Illuminate/Session/Store.php(280): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(8, 'Undefined index...', '/foo/bar/ve...', 280, Array)
#1 /foo/bar/vendor/laravel/framework/src/Illuminate/Session/Store.php(251): Illuminate\Session\Store->addBagDataToSession()
#2 /foo/bar/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(89): Illuminate\Session\Store->save()
#3 /foo/bar/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(129): Illuminate\Session\Middleware\StartSession->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\JsonResponse))
#4 /foo/bar/public/index.php(57): Illuminate\Foundation\Http\Kernel->terminate(Object(Illuminate\Http\Request), Object(Illuminate\Http\JsonResponse))
#5 {main}

Ok, it turns out, that it is no longer possible to change session/cookie driver within route middlewares. You have to specify the middleware BEFORE Illuminate\Session\Middleware\StartSession middleware.

Solution: 1. Create your own middleware:

class ApiSession implements Middleware{
    public function handle($request, Closure $next){
        $path = $request->getPathInfo();

        if(strpos($path, '/api/') === 0){
            \Config::set('session.driver', 'array');
            \Config::set('cookie.driver', 'array');
        }

        return $next($request);
    }
}

2. Add it in Kernel file (app/Http/Kernel.php) before Session middleware:

[..] ApiSession::class, // Check if an API request. If so, set session, cookie drivers Illuminate\Session\Middleware\StartSession::class, [..]

The bad part is that you cannot use it with route groups. You have to check for your self if this middleware is applied by checking the current url path.

Anyway if you want to disable cookies on all request, you can remove the if statement as is:

// myapp/app/Http/Middleware/ApiSession.php

<?php

namespace App\Http\Middleware

use Closure;

class ApiSession {

         public function handle($request, closure $next){

               \Config::set('session.driver', 'array');
               \Config::set('cookie.driver', 'array');

         }
}

And remember to add/modify your kernel.php as showed "Mārtiņš Briedis". Now, your app don't use cookies.

this code Config::set('session.driver' , 'array') disable laravel_session ... that in set-cookie Header set and above code disabled that HEADER , but another HEADER with name Set-Cookie exist for XRFF-TOKEN ,for disable this problem you should override the middleware VerifyCsrfToken .

below code add in app->Http->MiddleWare->VerifyCsrfToken.php and add this function to VerifyCsrfToken class

    protected function addCookieToResponse($request, $response)
{
    $config = config('session');        
    if ($config['driver'] == 'array' || !$this->shouldPassThrough($request))
    {        
        return $response;
    }else
    {
        $response->headers->setCookie(
            new Cookie(
                'XSRF-TOKEN', $request->session()->token(), time() + 60 * $config['lifetime'],
                $config['path'], $config['domain'], $config['secure'], false
            )
        );
    }
    return $response;
}