…ed (alamirault)This PR was squashed before being merged into the 6.3 branch.Discussion----------Set request stateless only if the attribute is not definedsymfony/symfony#48044 added in 6.3 was updated insymfony/symfony#49997.This PR ajust behavior documentationCommits-------20ee4d7 Set request stateless only if the attribute is not defined

…he request when firewall is stateless and the attribute is not already set (MatTheCat)This PR was submitted for the 7.2 branch but it was merged into the 6.4 branch instead.Discussion----------[SecurityBundle] Revert adding `_stateless` attribute to the request when firewall is stateless and the attribute is not already set| Q             | A| ------------- | ---| Branch?       | 6.4| Bug fix?      | yes| New feature?  | no| Deprecations? | no| Issues        |Fix#50715| License       | MIT#40372 was about routes matching both stateful and stateless firewalls: you couldn’t easily configure them as stateless under a stateless firewall only.#48044 fixed it by linking these two attributes: a stateless firewall then implied a stateless request. While it can sound logical, this impacted many projects using the session while authenticating users in a stateless fashion.At last,#49997 allowed to override this behavior by explicitly configuring routes as *not* stateless. This kind of proved that#48044 was a mistake: you cannot tell a request must be stateless only because it matches a stateless firewall.As such, this PR reverts#48044 (and consequently#49997) so that configuring routes as stateless is the developers responsibility alone. It also reopens#40372, but I think this issue should be fixed in an opt-in way (with a new `firewall.stateless.with_routes` boolean configuration in the SecurityBundle e.g.).Commits-------47baed9 [SecurityBundle] Revert adding `_stateless` attribute to the request when firewall is stateless and the attribute is not already set