diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
index a48ca7e38482e..3e45ee37af08e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -175,7 +175,7 @@ public function onKernelResponse(ResponseEvent $event)
 $request = $event->getRequest();
- if (!$request->hasSession() || $request->attributes->get('_security_firewall_run') !== $this->sessionKey) {
+ if (!$request->hasSession() || $request->attributes->getBoolean('_stateless') || $request->attributes->get('_security_firewall_run') !== $this->sessionKey) {
 return;
 }
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
index 5389e54ac690f..78ab5acddaf65 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -146,6 +146,29 @@ public function testOnKernelResponseWithoutSessionNorToken()
 $this->assertFalse($session->isStarted());
 }
+ public function testOnKernelResponseWithStatelessAndPreviousSession()
+ {
+ $request = new Request();
+ $request->attributes->set('_security_firewall_run', '_security_session');
+ $request->attributes->set('_stateless', true);
+
+ $session = new Session(new MockArraySessionStorage());
+ $request->setSession($session);
+ $request->cookies->set('MOCKSESSID', true);
+
+ $event = new ResponseEvent(
+ $this->createMock(HttpKernelInterface::class),
+ $request,
+ HttpKernelInterface::MAIN_REQUEST,
+ new Response()
+ );
+
+ $listener = new ContextListener(new TokenStorage(), [], 'session', null, new EventDispatcher());
+ $listener->onKernelResponse($event);
+
+ $this->assertFalse($session->isStarted());
+ }
+
 /**
 * @dataProvider provideInvalidToken
 */
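Review bot: The new `getBoolean('_stateless')` clause in the `if` of onKernelResponse returns before any of the session handling that follows, and nothing at the guard says what that means for a token already stored by an earlier stateful request. The rest of the method is outside the hunk, so this is inferred, but it appears that on a stateless request a token cleared or replaced during the request is not written back, leaving the previously serialized token in the session until the next stateful response. If that is intended, a comment above the condition would record it, for example `// Stateless requests must never start or write the session; a token stored by an earlier stateful request is deliberately left untouched.` It is also worth confirming that any per-response cleanup performed further down the method does not need to run before this early return.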
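Review bot: testOnKernelResponseWithStatelessAndPreviousSession asserts only `$this->assertFalse($session->isStarted())`, which would also pass if the listener returned early for any other reason, such as a firewall key mismatch. The test relies on the `'session'` context key passed to the constructor matching the `'_security_session'` value set on `_security_firewall_run`; that derivation is not visible in the hunk, so a short comment such as `// '_security_session' is the session key for context 'session', so only the _stateless flag can trigger the early return` would make the intent checkable. A companion case with `_stateless` set to `false` and the same MOCKSESSID cookie, asserting the opposite outcome, would pin the behaviour to the new clause.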