Remove Unused Middleware

[simeonwillbanks]

Since this is an API, we don't want sessions or cookie support. Let's remove the middleware for these.

# No sessions. This removes the need for CSRF protection.
config.middleware.delete "ActionDispatch::Cookies"
config.middleware.delete "ActionDispatch::Session::CookieStore"
config.middleware.delete "ActionDispatch::Flash"

[Aliciawyse]

Is this still an outstanding issue?

[davetron5000]

Stitches still would use these by default—we haven't had a chance to remove them and see how it works in production (though I'd guess you could use stitches in a Rails API mode app just fine)