Symfony new session_id in every request

Question

Some days ago I added Custom autenticator to my project and configured security.yaml as this:

security:
    providers:
        app_user_provider:
            entity:
                class: App\Entity\BasePublic\Users
                property: email
                manager_name: default
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            guard:
                authenticators:
                    - App\Security\ApiTokenAuthenticator
    access_control:

In all request old session is destroied and new created or not.

Some session is empty(0kb) and in others is stored all user class with their dependencies(-/+0.5mb)

In some requests its start to trown error:

Warning: SessionHandler::read(): open('sess_folder', O_RDWR) failed: Permission denied (13)

My framework.yaml:

framework:
    secret: '%env(APP_SECRET)%'
    session:
        enabled: true
        handler_id: 'session.handler.native_file'
        save_path: '%kernel.project_dir%/var/sessions/%kernel.environment%'
        cookie_secure: auto
        cookie_samesite: none
        name: session-front

    php_errors:
        log: true

Answer 1

The error was in stateless: false, that mean forgot stateless condition in firewalls. Correct config is that:

security:
    providers:
        app_user_provider:
            entity:
                class: App\Entity\BasePublic\Users
                property: email
                manager_name: default
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            stateless: true
            guard:
                authenticators:
                    - App\Security\ApiTokenAuthenticator
    access_control: