The "stateless" nature of REST means each client request to the server must be self-contained, carrying all the information needed for the server to understand it, without the server relying on prior session data.
Server-side session authentication inherently introduces state on the server. When a user logs in, the server creates a session and typically stores an ID (often in a cookie on the client). Subsequent requests include this ID, allowing the server to identify the user.
Therefore, an application using server-side sessions for authentication is **not strictly stateless overall** because the authentication mechanism itself is stateful. However, the API endpoints handling resources can still be stateless, as each request to access or modify data can be independent once the user is authenticated (via the session).
https://www.amazon.com/Navigate-Automation-Seas-Practical-Showcases-ebook/dp/B0DHYGGSDF/
For a clearer understanding of the stateless principle in REST, especially concerning authentication, Chapter 3 and Chapter 8 of "Navigate the Automation Seas" provide a focused explanation.
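The session flow described above, as an added example that is not part of the original text: two instances of a toy server share the same user and resource data, but only the instance that handled the login holds the session, so the same cookie authenticates on one and fails on the other. The `Server` class, the `sid` cookie name, and the sample user and notes are all constructed for illustration.

```python
import hashlib, hmac, secrets

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    """Toy server (hypothetical): one instance stands for one process with its own memory."""
    def __init__(self, users, notes):
        self.users = users      # username -> (salt, password hash), constructed sample data
        self.notes = notes      # resource data, standing in for a shared database
        self.sessions = {}      # session ID -> username: the server-side state

    def login(self, username, password):
        salt, stored = self.users.get(username, (b"", b""))
        if not hmac.compare_digest(hash_pw(password, salt), stored):
            return 401, None
        sid = secrets.token_urlsafe(32)     # unguessable ID from the CSPRNG
        self.sessions[sid] = username       # state created by this request
        return 200, {"Set-Cookie": f"sid={sid}; HttpOnly; Secure; SameSite=Lax"}

    def get_notes(self, cookies):
        # Authentication step: depends on state left behind by an earlier request.
        user = self.sessions.get(cookies.get("sid", ""))
        if user is None:
            return 401, None
        # Resource step: a function of this request and the resolved identity only.
        return 200, self.notes.get(user, [])

    def logout(self, cookies):
        self.sessions.pop(cookies.get("sid", ""), None)   # server-side revocation
        return 204, None

def demo():
    salt = b"constructed-salt"
    users = {"alice": (salt, hash_pw("correct horse", salt))}
    notes = {"alice": ["rotate API keys"]}
    a, b = Server(users, notes), Server(users, notes)     # two instances, same data
    _, headers = a.login("alice", "correct horse")
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    cookies = {"sid": sid}
    results = {
        "same_instance": a.get_notes(cookies),    # session found
        "other_instance": b.get_notes(cookies),   # no session in this process
    }
    a.logout(cookies)
    results["after_logout"] = a.get_notes(cookies)
    return results
```

The `other_instance` result is why deployments that use server-side sessions behind a load balancer need a shared session store or sticky routing, and the `after_logout` result shows what that state provides in return: the server can invalidate a session immediately.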