Closed
Issue created Apr 16, 2018 by coudot (@coudot), Reporter

WebService should not return session cookie

Description

When testing FusionDirectory webservices with Postman, I got some strange issues and I found it was because the webservice is setting a cookie. When a client calls the login method with a cookie from a previous login method, there is no new session created.

FusionDirectory Version

1.2

Plugin with the defect

WebService

Steps to Reproduce

Curl debug:

    *   Trying 127.0.0.1...
    * TCP_NODELAY set
    * Connected to localhost (127.0.0.1) port 80 (#0)
    > POST /fusiondirectory/jsonrpc.php HTTP/1.1
    > Host: localhost
    > User-Agent: curl/7.55.1
    > Accept: */*
    > Cache-Control: no-cache
    > content-type: application/json
    > Content-Length: 74
    >
    * upload completely sent off: 74 out of 74 bytes
    < HTTP/1.1 200 OK
    < Date: Mon, 12 Mar 2018 17:56:29 GMT
    < Server: Apache/2.4.27 (Ubuntu)
    < Set-Cookie: FusionDirectory=lu1eb08gqt5h0l4gj9j8if2qak; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate
    < Pragma: no-cache
    < Set-Cookie: FusionDirectory=s3h0aj27llsqppueqnucqhvfud; path=/
    < Vary: Accept-Encoding
    < Content-Length: 563
    < Content-Type: text/html; charset=UTF-8

Expected behavior:

There should not be Set-Cookie in the response.

Actual behavior:

Cookie is set.

Reproduces how often:

Always

Additional Information

It is possible with PHP to not send cookies when using sessions:

    ini_set("session.use_cookies",0);
    ini_set("session.use_only_cookies",1);
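
A regression check for the expected behavior in this issue, as an added example (not part of the original report or of FusionDirectory's code): it parses a `curl -v` trace and reports every `Set-Cookie` response header, including a cookie that is set more than once with different values in a single response. The function names are hypothetical; `TRACE` reuses response headers from the trace above and `CLEAN_TRACE` is constructed.

```python
from collections import defaultdict

# Response headers taken from the curl trace in this issue.
TRACE = """\
< HTTP/1.1 200 OK
< Date: Mon, 12 Mar 2018 17:56:29 GMT
< Server: Apache/2.4.27 (Ubuntu)
< Set-Cookie: FusionDirectory=lu1eb08gqt5h0l4gj9j8if2qak; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Set-Cookie: FusionDirectory=s3h0aj27llsqppueqnucqhvfud; path=/
< Content-Type: text/html; charset=UTF-8
"""

# Constructed trace of a response that satisfies "no Set-Cookie".
CLEAN_TRACE = """\
< HTTP/1.1 200 OK
< Content-Type: application/json
"""

def response_headers(trace):
    """Return (lowercased name, value) pairs from the '<' lines of a curl -v trace."""
    headers = []
    for line in trace.splitlines():
        if not line.startswith("<"):
            continue  # request lines ('>') and curl notes ('*') are ignored
        name, sep, value = line[1:].strip().partition(":")
        if sep:  # the status line has no colon and is skipped
            headers.append((name.strip().lower(), value.strip()))
    return headers

def set_cookies(trace):
    """Map cookie name -> list of values, one entry per Set-Cookie header."""
    cookies = defaultdict(list)
    for name, value in response_headers(trace):
        if name == "set-cookie":
            cname, _, cvalue = value.split(";", 1)[0].partition("=")
            cookies[cname.strip()].append(cvalue.strip())
    return dict(cookies)

def findings(trace):
    """List each violation of 'the response must not set a cookie'."""
    out = []
    for cname, values in set_cookies(trace).items():
        out.append(f"{cname}: set {len(values)} time(s)")
        if len(set(values)) > 1:
            out.append(f"{cname}: {len(set(values))} different values in one response")
    return out

if __name__ == "__main__":
    print("\n".join(findings(TRACE)) or "no Set-Cookie headers")
```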