diff --git a/actionpack/lib/action_dispatch/middleware/flash.rb b/actionpack/lib/action_dispatch/middleware/flash.rb
index cf9165d008..a3be2daa05 100644
--- a/actionpack/lib/action_dispatch/middleware/flash.rb
+++ b/actionpack/lib/action_dispatch/middleware/flash.rb
@@ -45,6 +45,7 @@ module ActionDispatch
       # read a notice you put there or <tt>flash["notice"] = "hello"</tt>
       # to put a new one.
       def flash
+        return Flash::NullFlash unless session.respond_to?(:loaded?)
         flash = flash_hash
         return flash if flash
         self.flash = Flash::FlashHash.from_session_value(session["flash"])
@@ -79,6 +80,20 @@ module ActionDispatch
       end
     end
 
+    module NullFlash #:nodoc:
+      class << self
+        def []=(k, v); end
+
+        def [](k); end
+
+        def alert=(message); end
+
+        def notice=(message); end
+
+        def empty?; end
+      end
+    end
+
     class FlashNow #:nodoc:
       attr_accessor :flash
 
diff --git a/railties/lib/rails/application/default_middleware_stack.rb b/railties/lib/rails/application/default_middleware_stack.rb
index 2b5cba4726..1f18234f07 100644
--- a/railties/lib/rails/application/default_middleware_stack.rb
+++ b/railties/lib/rails/application/default_middleware_stack.rb
@@ -67,10 +67,10 @@ module Rails
               config.session_options[:secure] = true
             end
             middleware.use config.session_store, config.session_options
-            middleware.use ::ActionDispatch::Flash
           end
 
           unless config.api_only
+            middleware.use ::ActionDispatch::Flash
             middleware.use ::ActionDispatch::ContentSecurityPolicy::Middleware
             middleware.use ::ActionDispatch::PermissionsPolicy::Middleware
           end
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 78b604c6f3..8c9168c1d2 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -582,6 +582,23 @@ module ApplicationTests
       end
     end
 
+    test "EtagWithFlash module doesn't break when the session store is disabled" do
+      make_basic_app do |application|
+        application.config.session_store :disabled
+      end
+
+      class ::OmgController < ActionController::Base
+        def index
+          stale?(weak_etag: "something")
+          render plain: "else"
+        end
+      end
+
+      get "/"
+
+      assert last_response.ok?
+    end
+
     test "Use key_generator when secret_key_base is set" do
       make_basic_app do |application|
         application.secrets.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"