symfony
diff --git a/‎src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php
+19Lines changed: 19 additions & 0 deletions b/‎src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Guard/Tests/GuardAuthenticatorHandlerTest.php
+19Lines changed: 19 additions & 0 deletions
@@ -134,7 +134,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn
 
     private function migrateSession(Request $request, TokenInterface $token, $providerKey)
     {
-        if (!$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession() || \in_array($providerKey, $this->statelessProviderKeys, true)) {
+        if (\in_array($providerKey, $this->statelessProviderKeys, true) || !$this->sessionStrategy || !$request->hasSession() || !$request->hasPreviousSession()) {
             return;
         }
 
 
@@ -149,6 +149,25 @@ public function testSessionStrategyIsNotCalledWhenStateless()
         $handler->authenticateWithToken($this->token, $this->request, 'some_provider_key');
     }
 
+    /**
+     * @requires function \Symfony\Component\HttpFoundation\Request::setSessionFactory
+     */
+    public function testSessionIsNotInstantiatedOnStatelessFirewall()
+    {
+        $sessionFactory = $this->getMockBuilder(\stdClass::class)
+            ->setMethods(['__invoke'])
+            ->getMock();
+
+        $sessionFactory->expects($this->never())
+            ->method('__invoke');
+
+        $this->request->setSessionFactory($sessionFactory);
+
+        $handler = new GuardAuthenticatorHandler($this->tokenStorage, $this->dispatcher, ['stateless_provider_key']);
+        $handler->setSessionAuthenticationStrategy($this->sessionStrategy);
+        $handler->authenticateWithToken($this->token, $this->request, 'stateless_provider_key');
+    }
+
     protected function setUp()
     {
         $this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ public function setSessionAuthenticationStrategy(SessionAuthenticationStrategyIn`
`134`	`134`
`135`	`135`	`private function migrateSession(Request $request, TokenInterface $token, $providerKey)`
`136`	`136`	`{`
`137`		`- if (!$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession() \|\| \in_array($providerKey, $this->statelessProviderKeys, true)) {`
	`137`	`+ if (\in_array($providerKey, $this->statelessProviderKeys, true) \|\| !$this->sessionStrategy \|\| !$request->hasSession() \|\| !$request->hasPreviousSession()) {`
`138`	`138`	`return;`
`139`	`139`	`}`
`140`	`140`