Fixes after testing in Demo application

src/Symfony/Bundle/SecurityBundle/Resources/config/authenticators.xml

@@ -42,6 +42,7 @@
                  class="Symfony\Component\Security\Core\Authentication\Authenticator\AnonymousAuthenticator"
                  abstract="true">
             <argument /> <!-- secret -->
+            <argument type="service" id="security.token_storage" />
         </service>
     </services>
 </container>

src/Symfony/Component/Security/Core/Authentication/Authenticator/AnonymousAuthenticator.php

@@ -14,6 +14,7 @@ namespace Symfony\Component\Security\Core\Authentication\Authenticator;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\User\User;
@@ -25,15 +26,18 @@ use Symfony\Component\Security\Core\User\UserInterface;
 class AnonymousAuthenticator implements AuthenticatorInterface
 {
     private $secret;
+    private $tokenStorage;
 
-    public function __construct(string $secret)
+    public function __construct(string $secret, TokenStorageInterface $tokenStorage)
     {
         $this->secret = $secret;
+        $this->tokenStorage = $tokenStorage;
     }
 
     public function supports(Request $request): ?bool
     {
-        return true;
+        // do not overwrite already stored tokens (i.e. from the session)
+        return null === $this->tokenStorage->getToken();
     }
 
     public function getCredentials(Request $request)

src/Symfony/Component/Security/Core/Authentication/GuardAuthenticationManager.php

@@ -86,12 +86,14 @@ class GuardAuthenticationManager implements AuthenticationManagerInterface
             $this->handleFailure($exception, $token);
         }
 
-        if (true === $this->eraseCredentials) {
-            $result->eraseCredentials();
-        }
+        if (null !== $result) {
+            if (true === $this->eraseCredentials) {
+                $result->eraseCredentials();
+            }
 
-        if (null !== $this->eventDispatcher) {
-            $this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);
+            if (null !== $this->eventDispatcher) {
+                $this->eventDispatcher->dispatch(new AuthenticationSuccessEvent($result), AuthenticationEvents::AUTHENTICATION_SUCCESS);
+            }
         }
 
         return $result;

src/Symfony/Component/Security/Guard/Firewall/GuardAuthenticatorListenerTrait.php

@@ -150,6 +150,11 @@ trait GuardAuthenticatorListenerTrait
             throw new \UnexpectedValueException('Invalid guard authenticator passed to '.__METHOD__.'. Expected AuthenticatorInterface of either Security Core or Security Guard.');
         }
 
+        // @todo implement remember me functionality
+        if (!isset($this->rememberMeServices)) {
+            return;
+        }
+
         if (null === $this->rememberMeServices) {
             if (null !== $this->logger) {
                 $this->logger->debug('Remember me skipped: it is not configured for the firewall.', ['authenticator' => \get_class($guardAuthenticator)]);