diff --git a/CHANGELOG.md b/CHANGELOG.md
index 56744b19..01c298cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
 This project follows [Semantic Versioning](http://semver.org) guidelines.
+## v1.6.4
+### Fixed
+* Fixes a session management bug that would cause a user who signs out of one browser to be unintentionally logged out of other browser sessions when using the client API.
+
 ## v1.6.3
 ### Fixed
 * **[Security]** Changes logout endpoint to be a POST request with CSRF-token validation to prevent a malicious actor from triggering a user logout.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 30fcd8ce..a96b32de 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -18,7 +18,6 @@ use Pterodactyl\Http\Middleware\LanguageMiddleware;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
 use Pterodactyl\Http\Middleware\Api\AuthenticateKey;
 use Illuminate\Routing\Middleware\SubstituteBindings;
-use Pterodactyl\Http\Middleware\Api\SetSessionDriver;
 use Illuminate\Session\Middleware\AuthenticateSession;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
 use Pterodactyl\Http\Middleware\MaintenanceMiddleware;
@@ -27,6 +26,7 @@ use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
 use Pterodactyl\Http\Middleware\Api\ApiSubstituteBindings;
 use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
+use Pterodactyl\Http\Middleware\Api\HandleStatelessRequest;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Pterodactyl\Http\Middleware\Api\Daemon\DaemonAuthenticate;
 use Pterodactyl\Http\Middleware\RequireTwoFactorAuthentication;
@@ -68,18 +68,18 @@ class Kernel extends HttpKernel
 RequireTwoFactorAuthentication::class,
 ],
 'api' => [
+ HandleStatelessRequest::class,
 IsValidJson::class,
 ApiSubstituteBindings::class,
- SetSessionDriver::class,
 'api..key:' . ApiKey::TYPE_APPLICATION,
 AuthenticateApplicationUser::class,
 AuthenticateIPAccess::class,
 ],
 'client-api' => [
- StartSession::class,
- SetSessionDriver::class,
- AuthenticateSession::class,
+ HandleStatelessRequest::class,
 IsValidJson::class,
+ StartSession::class,
+ AuthenticateSession::class,
 SubstituteClientApiBindings::class,
 'api..key:' . ApiKey::TYPE_ACCOUNT,
 AuthenticateIPAccess::class,
diff --git a/app/Http/Middleware/Api/AuthenticateKey.php b/app/Http/Middleware/Api/AuthenticateKey.php
index db469bc5..397ba8c2 100644
--- a/app/Http/Middleware/Api/AuthenticateKey.php
+++ b/app/Http/Middleware/Api/AuthenticateKey.php
@@ -42,8 +42,10 @@ class AuthenticateKey
 }
 /**
- * Handle an API request by verifying that the provided API key
- * is in a valid format and exists in the database.
+ * Handle an API request by verifying that the provided API key is in a valid
+ * format and exists in the database. If there is currently a user in the session
+ * do not even bother to look at the token (they provided a cookie for this to
+ * be the case).
 *
 * @return mixed
 *
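Review bot: `HandleStatelessRequest::class` is added to the `'api'` group, but that group gets no `StartSession::class` (only `'client-api'` gains it in this hunk), while the new middleware in the HandleStatelessRequest.php hunk calls `$request->session()` unconditionally as soon as a bearer token is present on a JSON request. In Laravel, `Request::session()` throws a RuntimeException when no session store has been attached, so application-API calls would fail with a 500 unless a session is started by middleware outside this hunk that I cannot see. Either leave the middleware out of the `'api'` group or guard the cleanup in HandleStatelessRequest with `if (!is_null($request->bearerToken()) && $request->isJson() && $request->hasSession()) {`. Placing it outermost in `'client-api'` does look right, since the session must already have been saved and its cookie queued by `StartSession` before the cleanup runs; the `$middlewareGroups` array starts before this hunk.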
@@ -56,17 +58,17 @@ class AuthenticateKey
 throw new HttpException(401, null, null, ['WWW-Authenticate' => 'Bearer']);
 }
- $raw = $request->bearerToken();
-
- // This is a request coming through using cookies, we have an authenticated user not using
- // an API key. Make some fake API key models and continue on through the process.
- if (empty($raw) && $request->user() instanceof User) {
+ // This is a request coming through using cookies, we have an authenticated user
+ // not using an API key. Make some fake API key models and continue on through
+ // the process.
+ if ($request->user() instanceof User) {
 $model = (new ApiKey())->forceFill([
 'user_id' => $request->user()->id,
 'key_type' => ApiKey::TYPE_ACCOUNT,
 ]);
 } else {
- $model = $this->authenticateApiKey($raw, $keyType);
+ $model = $this->authenticateApiKey($request->bearerToken(), $keyType);
+ $this->auth->guard()->loginUsingId($model->user_id);
 }
diff --git a/app/Http/Middleware/Api/HandleStatelessRequest.php b/app/Http/Middleware/Api/HandleStatelessRequest.php
new file mode 100644
index 00000000..ab697d68
--- /dev/null
+++ b/app/Http/Middleware/Api/HandleStatelessRequest.php
@@ -0,0 +1,35 @@
+bearerToken()) && $request->isJson()) {
+ $request->session()->getHandler()->destroy(
+ $request->session()->getId()
+ );
+
+ $response->headers->remove('Set-Cookie');
+ }
+
+ return $response;
+ }
+}
diff --git a/app/Http/Middleware/Api/SetSessionDriver.php b/app/Http/Middleware/Api/SetSessionDriver.php
deleted file mode 100644
index 1c8f59a0..00000000
--- a/app/Http/Middleware/Api/SetSessionDriver.php
+++ /dev/null
@@ -1,35 +0,0 @@
-config = $config;
- }
-
- /**
- * Set the session for API calls to only last for the one request.
- *
- * @return mixed
- */
- public function handle(Request $request, Closure $next)
- {
- $this->config->set('session.driver', 'array');
-
- return $next($request);
- }
-}
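Review bot: Dropping the `empty($raw)` half of the condition means a request that carries both a session cookie and a bearer token is now attributed to the session user and the presented token is never validated, with `key_type` forced to `ApiKey::TYPE_ACCOUNT` regardless of the `$keyType` the route group passed (the `'api'` group passes `ApiKey::TYPE_APPLICATION`). Whatever downstream code checks the key's type or permissions therefore sees a synthetic account key for such mixed requests, which is a silent change in what the token was allowed to do; if the session-wins behaviour is intended, the docblock should say that the token is ignored rather than rejected. The safer form keeps validating any token that is actually presented: `if (is_null($request->bearerToken()) && $request->user() instanceof User) {`, or rejects the mixed case outright. The added `loginUsingId()` writes the token's user into whichever guard `$this->auth->guard()` resolves to (presumably the session guard), so the request now relies on the session being discarded afterwards by other middleware; `handle()` begins and continues outside this hunk.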
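Review bot: The cleanup only runs when `$request->isJson()` is true, i.e. when the request advertises a JSON Content-Type; a token-authenticated request without one (a plain GET carrying only an `Authorization` header is the common case) skips both the `destroy()` call and the `Set-Cookie` removal, so the session that `StartSession` created and that `AuthenticateKey` populated via `loginUsingId()` is persisted and its cookie is returned to the token holder, which is exactly the browser state this class exists to prevent. The presence of the bearer token alone looks like the right trigger: `if (!is_null($request->bearerToken())) {`. `remove('Set-Cookie')` also drops every cookie on the response, not just the session cookie, which deserves a comment such as `// Drop all cookies: a token-authenticated request must never establish browser state.` The first line of this hunk is truncated on the page and the top of the file (namespace, class declaration and any docblock) is not visible, so the method's signature and documentation could not be reviewed.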