eZ Publish / Platform / EZP-19002

rest api: session always created even for anon users

Details

    Description

      When the RequireAuthentication setting is set to disabled, eZ will always use a fixed user account for REST calls.

      Since this is REST, we're supposed not to use sessions at all.

      But the current code will try to create a session anyway: in ezpRestAuthConfiguration::filter(), if the auth filter returns a user account, the setCurrentlyLoggedInUser() function is called, which creates a session.

      A small fix could be to avoid the call to setCurrentlyLoggedInUser if the user id of the user account corresponds to the user id of the current account - that would be the case when e.g. RequireAuthentication has been set to disabled and the default user to be used for REST calls is the anon user.
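
The proposed guard, modelled in stand-alone PHP as an added example (not eZ Publish code and not part of the original report). `SessionStore`, `filterCurrent`, `filterProposed`, `sessionsFor` and the anonymous user id 10 are assumptions made for illustration.

```php
<?php
// Model of the behaviour described in the issue. All classes and functions
// here are stand-ins written for this example, not eZ Publish code.

final class SessionStore
{
    public static int $created = 0;          // sessions started so far
    public static int $currentUserId = 10;   // assumed id of the anonymous user

    // Stand-in for setCurrentlyLoggedInUser(): switching user starts a session.
    public static function setCurrentlyLoggedInUser(int $userId): void
    {
        self::$created++;
        self::$currentUserId = $userId;
    }
}

// Behaviour reported in the issue: any user returned by the auth filter
// triggers setCurrentlyLoggedInUser(), even the one that is already current.
function filterCurrent(?int $authUserId): void
{
    if ($authUserId !== null) {
        SessionStore::setCurrentlyLoggedInUser($authUserId);
    }
}

// Proposed fix: skip the call when the returned user is already current.
function filterProposed(?int $authUserId): void
{
    if ($authUserId !== null && $authUserId !== SessionStore::$currentUserId) {
        SessionStore::setCurrentlyLoggedInUser($authUserId);
    }
}

// Constructed workload: REST calls with RequireAuthentication disabled,
// so the auth filter always returns the anonymous user.
function sessionsFor(callable $filter, int $calls, int $anonId): int
{
    SessionStore::$created = 0;
    SessionStore::$currentUserId = $anonId;
    for ($i = 0; $i < $calls; $i++) {
        $filter($anonId);
    }
    return SessionStore::$created;
}

printf("current:  %d sessions\n", sessionsFor('filterCurrent', 1000, 10));
printf("proposed: %d sessions\n", sessionsFor('filterProposed', 1000, 10));
```

Counting session creations per request in this way is also a usable regression check for a stateless REST endpoint: an unauthenticated call should leave the session count unchanged.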

          People

            Patrick Allaert
            Gaetano Giunta