diff --git a/core/modules/simpletest/src/WebTestBase.php b/core/modules/simpletest/src/WebTestBase.php
index 220ee09..fc088ca 100644
--- a/core/modules/simpletest/src/WebTestBase.php
+++ b/core/modules/simpletest/src/WebTestBase.php
@@ -1487,15 +1487,17 @@ protected function isInChildSite() {
    * @param $headers
    *   An array containing additional HTTP request headers, each formatted as
    *   "name: value".
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    *
    * @return
    *   The retrieved HTML string, also available as $this->getRawContent()
    */
-  protected function drupalGet($path, array $options = array(), array $headers = array()) {
+  protected function drupalGet($path, array $options = array(), array $headers = array(), array $curl_options = array()) {
     // We re-using a CURL connection here. If that connection still has certain
     // options set, it might change the GET into a POST. Make sure we clear out
     // previous options.
-    $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => $this->buildUrl($path, $options), CURLOPT_NOBODY => FALSE, CURLOPT_HTTPHEADER => $headers));
+    $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => $this->buildUrl($path, $options), CURLOPT_NOBODY => FALSE, CURLOPT_HTTPHEADER => $headers) + $curl_options);
     // Ensure that any changes to variables in the other thread are picked up.
     $this->refreshVariables();
 
@@ -1635,8 +1637,10 @@ protected function drupalGetAJAX($path, array $options = array(), array $headers
    *   is done by drupalPostAjaxForm(). This string is literally appended to the
    *   POST data, so it must already be urlencoded and contain a leading "&"
    *   (e.g., "&extra_var1=hello+world&extra_var2=you%26me").
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    */
-  protected function drupalPostForm($path, $edit, $submit, array $options = array(), array $headers = array(), $form_html_id = NULL, $extra_post = NULL) {
+  protected function drupalPostForm($path, $edit, $submit, array $options = array(), array $headers = array(), $form_html_id = NULL, $extra_post = NULL, $curl_options = []) {
     $submit_matches = FALSE;
     $ajax = is_array($submit);
     if (isset($path)) {
@@ -1688,7 +1692,7 @@ protected function drupalPostForm($path, $edit, $submit, array $options = array(
           else {
             $post = $this->serializePostValues($post) . $extra_post;
           }
-          $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post, CURLOPT_HTTPHEADER => $headers));
+          $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post, CURLOPT_HTTPHEADER => $headers) + $curl_options);
           // Ensure that any changes to variables in the other thread are picked
           // up.
           $this->refreshVariables();
@@ -1981,6 +1985,8 @@ protected function drupalProcessAjaxResponse($content, array $ajax_response, arr
    * @param array $options
    *   (optional) Options to be forwarded to the url generator. The 'absolute'
    *   option will automatically be enabled.
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    *
    * @return
    *   The content returned from the call to curl_exec().
@@ -1988,7 +1994,7 @@ protected function drupalProcessAjaxResponse($content, array $ajax_response, arr
    * @see WebTestBase::getAjaxPageStatePostData()
    * @see WebTestBase::curlExec()
    */
-  protected function drupalPost($path, $accept, array $post, $options = array()) {
+  protected function drupalPost($path, $accept, array $post, $options = array(), array $curl_options = array()) {
     return $this->curlExec(array(
       CURLOPT_URL => $this->buildUrl($path, $options),
       CURLOPT_POST => TRUE,
@@ -1997,7 +2003,7 @@ protected function drupalPost($path, $accept, array $post, $options = array()) {
         'Accept: ' . $accept,
         'Content-Type: application/x-www-form-urlencoded',
       ),
-    ));
+    ) + $curl_options);
   }
 
   /**
diff --git a/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php b/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php
new file mode 100644
index 0000000..2ed014c
--- /dev/null
+++ b/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\system\Tests\Session\MultipleAuthenticationSessionTest.
+ */
+
+namespace Drupal\system\Tests\Session;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests whether multiple authentication providers can both set the session.
+ *
+ * @group Session
+ */
+class MultipleAuthenticationSessionTest extends WebTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = ['basic_auth', 'session_test'];
+
+  public function testLoginWithBasicAuthCredentials() {
+    $user = $this->drupalCreateUser();
+    $this->drupalPostForm('<front>', ['name' => $user->getUsername(), 'pass' => $user->pass_raw], t('Log in'), [], [], NULL, NULL, [
+      CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
+      CURLOPT_USERPWD => $user->getUsername() . ':' . $user->pass_raw,
+    ]);
+    $this->assertResponse(200);
+
+    $this->assertUrl($user->urlInfo());
+  }
+
+  public function ptestRequestWithBasicAuthCredentials() {
+    $admin = $this->drupalCreateUser(['administer site configuration']);
+    $result = $this->drupalGet('session-test/get-session', [], [], [
+      CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
+      CURLOPT_USERPWD => $admin->getUsername() . ':' . $admin->pass_raw,
+    ]);
+    $this->assertResponse(200);
+    $data = json_decode($result);
+    $this->assertEqual([], $data->session);
+    $this->assertEqual($admin->id(), $data->user);
+  }
+
+}
diff --git a/core/modules/system/tests/modules/session_test/session_test.routing.yml b/core/modules/system/tests/modules/session_test/session_test.routing.yml
index 8b9393e..c638efc 100644
--- a/core/modules/system/tests/modules/session_test/session_test.routing.yml
+++ b/core/modules/system/tests/modules/session_test/session_test.routing.yml
@@ -83,3 +83,13 @@ session_test.trace_handler:
     _controller: '\Drupal\session_test\Controller\SessionTestController::traceHandler'
   requirements:
     _access: 'TRUE'
+
+
+session_test.get_session:
+  path: '/session-test/get-session'
+  defaults:
+    _controller: '\Drupal\session_test\Controller\SessionTestController::getSession'
+  options:
+    _auth: ['basic_auth']
+  requirements:
+    _permission: 'administer site configuration'
diff --git a/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php b/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
index 1ae9a79..ccf3945 100644
--- a/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
+++ b/core/modules/system/tests/modules/session_test/src/Controller/SessionTestController.php
@@ -149,4 +149,8 @@ public function traceHandler() {
     return new JsonResponse($trace);
   }
 
+  public function getSession(Request $request) {
+    return new JsonResponse(['session' => $request->getSession()->all(), 'user' => $this->currentUser()->id()]);
+  }
+
 }