Reputation: 23
I'm working on a Flask application using Flask-Security-Too for user authentication. I've enabled token-based authentication by passing tokens in the request headers, and I don't want the application to create or store session cookies for users. However, even with token-based authentication, Flask-Security is still creating and managing session cookies.
Is there a way to fully disable cookie-based session management in Flask-Security, so that no session cookies are created or stored for users?
Here’s my current configuration:
import os

app.config['SECURITY_TOKEN_MAX_AGE'] = 3600 # Token expiration time in seconds
app.config['SECURITY_TOKEN_AUTHENTICATION_ENABLED'] = True # Enable token authentication
app.config['SECRET_KEY'] = os.environ.get("SECRET_KEY", '****************************')
app.config['SECURITY_CSRF_IGNORE_UNAUTH_ENDPOINTS'] = True
app.config['SESSION_COOKIE_SECURE'] = False # Allows the session cookie to be sent over plain HTTP (not only HTTPS)
app.config['SESSION_COOKIE_HTTPONLY'] = False # Allows JS to access the cookie
app.config['SESSION_COOKIE_SAMESITE'] = 'Strict' # Restricts cross-site access
Despite this setup, after session timeout, I receive the following message when trying to log in using my Angular application again: "You can only access this endpoint when not logged in."
Any help on how to prevent Flask-Security from creating session cookies would be appreciated.
Upvotes: 0
Views: 65
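An added example, not part of the question and not Flask-Security-Too's own code, showing one way to keep token-authenticated requests cookieless at the Flask level: a custom SessionInterface that refuses to persist a session or emit a Set-Cookie when the request carries the token header, while browser requests without the header keep normal cookie sessions. It assumes the header name is Flask-Security-Too's default "Authentication-Token" (config key SECURITY_TOKEN_AUTHENTICATION_HEADER) and uses a stand-in /whoami view in place of a real protected endpoint; token validation itself is left to the library.

```python
import os
from flask import Flask, jsonify, request, session
from flask.sessions import SecureCookieSessionInterface

# Assumed header name: Flask-Security-Too's default token header.
TOKEN_HEADER = "Authentication-Token"


class TokenAwareSessionInterface(SecureCookieSessionInterface):
    """Cookie sessions for browser clients only.

    When a request authenticates with the token header, nothing written to
    the session is persisted and no Set-Cookie is emitted, so a token client
    never accumulates a server-side login state that could later collide
    with the "not logged in" check on the login endpoint.
    """

    def save_session(self, app, session, response):
        if request.headers.get(TOKEN_HEADER):
            # Discard anything the view stored; the token client is stateless.
            session.clear()
            # If a stale session cookie arrived alongside the token, tell the
            # client to drop it so it is not sent on later requests.
            name = self.get_cookie_name(app)
            if name in request.cookies:
                response.delete_cookie(
                    name,
                    domain=self.get_cookie_domain(app),
                    path=self.get_cookie_path(app),
                )
            return None
        return super().save_session(app, session, response)


def create_app():
    app = Flask(__name__)
    # Placeholder key for the example; use a real secret from the environment.
    app.config["SECRET_KEY"] = os.environ.get("SECRET_KEY", "example-only-placeholder")
    app.config["SESSION_COOKIE_HTTPONLY"] = True
    app.config["SESSION_COOKIE_SAMESITE"] = "Strict"
    app.session_interface = TokenAwareSessionInterface()

    @app.route("/whoami")
    def whoami():
        # Stand-in for a protected view: it writes to the session so we can
        # observe whether a cookie is emitted for each kind of client.
        session["seen"] = True
        return jsonify(token_auth=bool(request.headers.get(TOKEN_HEADER)))

    return app


def set_cookie_headers(headers=None):
    """Return the Set-Cookie headers a single /whoami request produces."""
    client = create_app().test_client()
    resp = client.get("/whoami", headers=headers or {})
    return resp.headers.getlist("Set-Cookie")


if __name__ == "__main__":
    print("browser client:", set_cookie_headers())
    print("token client:  ", set_cookie_headers({TOKEN_HEADER: "constructed-token"}))
```

A browser request without the header still receives a session cookie; a request carrying the token header receives none, which is the behaviour the question is after for the Angular client. The library's own token check (auth_token_required or the token-aware login endpoint) is unchanged by this interface.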