What's the difference between adding an attribute directly to a request (request.addAttribute()) and adding an attribute to the users session in the request (request.getSession().addAttribute())?
The difference is that in the first case, the data is stored in the Request object, but in the second case the data is stored in the HttpSession object - a completely different object which is stored on the server side and is available across many user requests.
You might be assuming that since you can get the session from the request (request.getSession()) they are similar or the same thing, but they are very different. The request is only available for one request. The session is available across many requests. The general use is to save information that is required for maintaining state across requests in the session object.