diff --git a/core/modules/simpletest/src/WebTestBase.php b/core/modules/simpletest/src/WebTestBase.php
index 1ae8e58..9a86e8a 100644
--- a/core/modules/simpletest/src/WebTestBase.php
+++ b/core/modules/simpletest/src/WebTestBase.php
@@ -1488,15 +1488,17 @@ protected function isInChildSite() {
    * @param $headers
    *   An array containing additional HTTP request headers, each formatted as
    *   "name: value".
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    *
    * @return
    *   The retrieved HTML string, also available as $this->getRawContent()
    */
-  protected function drupalGet($path, array $options = array(), array $headers = array()) {
+  protected function drupalGet($path, array $options = array(), array $headers = array(), array $curl_options = array()) {
     // We re-using a CURL connection here. If that connection still has certain
     // options set, it might change the GET into a POST. Make sure we clear out
     // previous options.
-    $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => $this->buildUrl($path, $options), CURLOPT_NOBODY => FALSE, CURLOPT_HTTPHEADER => $headers));
+    $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => $this->buildUrl($path, $options), CURLOPT_NOBODY => FALSE, CURLOPT_HTTPHEADER => $headers) + $curl_options);
     // Ensure that any changes to variables in the other thread are picked up.
     $this->refreshVariables();
 
@@ -1636,8 +1638,10 @@ protected function drupalGetAJAX($path, array $options = array(), array $headers
    *   is done by drupalPostAjaxForm(). This string is literally appended to the
    *   POST data, so it must already be urlencoded and contain a leading "&"
    *   (e.g., "&extra_var1=hello+world&extra_var2=you%26me").
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    */
-  protected function drupalPostForm($path, $edit, $submit, array $options = array(), array $headers = array(), $form_html_id = NULL, $extra_post = NULL) {
+  protected function drupalPostForm($path, $edit, $submit, array $options = array(), array $headers = array(), $form_html_id = NULL, $extra_post = NULL, $curl_options = []) {
     $submit_matches = FALSE;
     $ajax = is_array($submit);
     if (isset($path)) {
@@ -1689,7 +1693,7 @@ protected function drupalPostForm($path, $edit, $submit, array $options = array(
           else {
             $post = $this->serializePostValues($post) . $extra_post;
           }
-          $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post, CURLOPT_HTTPHEADER => $headers));
+          $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post, CURLOPT_HTTPHEADER => $headers) + $curl_options);
           // Ensure that any changes to variables in the other thread are picked
           // up.
           $this->refreshVariables();
@@ -1982,6 +1986,8 @@ protected function drupalProcessAjaxResponse($content, array $ajax_response, arr
    * @param array $options
    *   (optional) Options to be forwarded to the url generator. The 'absolute'
    *   option will automatically be enabled.
+   * @param array $curl_options
+   *   (optional) Additional curl options.
    *
    * @return
    *   The content returned from the call to curl_exec().
@@ -1989,7 +1995,7 @@ protected function drupalProcessAjaxResponse($content, array $ajax_response, arr
    * @see WebTestBase::getAjaxPageStatePostData()
    * @see WebTestBase::curlExec()
    */
-  protected function drupalPost($path, $accept, array $post, $options = array()) {
+  protected function drupalPost($path, $accept, array $post, $options = array(), array $curl_options = array()) {
     return $this->curlExec(array(
       CURLOPT_URL => $this->buildUrl($path, $options),
       CURLOPT_POST => TRUE,
@@ -1998,7 +2004,7 @@ protected function drupalPost($path, $accept, array $post, $options = array()) {
         'Accept: ' . $accept,
         'Content-Type: application/x-www-form-urlencoded',
       ),
-    ));
+    ) + $curl_options);
   }
 
   /**
diff --git a/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php b/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php
new file mode 100644
index 0000000..f813add
--- /dev/null
+++ b/core/modules/system/src/Tests/Session/MultipleAuthenticationSessionTest.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\system\Tests\Session\MultipleAuthenticationSessionTest.
+ */
+
+namespace Drupal\system\Tests\Session;
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests whether multiple authentication providers can both set the session.
+ *
+ * @group Session
+ */
+class MultipleAuthenticationSessionTest extends WebTestBase {
+
+  /**
+   * {@inheritdoc}
+   */
+  public static $modules = ['basic_auth', 'session_test', 'node', 'filter'];
+
+  /**
+   *
+   */
+  public function testRequestOnNonBasicAuthRoute() {
+    $node = $this->drupalCreateNode();
+    $user = $this->drupalCreateUser();
+
+    $this->drupalGet($node->urlInfo(), [], [], [
+      CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
+      CURLOPT_USERPWD => $user->getUsername() . ':' . $user->pass_raw,
+    ]);
+
+    $this->drupalGet($node->urlInfo());
+    $this->assertFalse($this->drupalUserIsLoggedIn($user));
+
+    $this->drupalGet('session-test/set/test', [], [], [
+      CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
+      CURLOPT_USERPWD => $user->getUsername() . ':' . $user->pass_raw,
+    ]);
+    $this->drupalGet($node->urlInfo());
+    $this->assertFalse($this->drupalUserIsLoggedIn($user));
+
+    $this->drupalGet($node->urlInfo(), [], [], [
+      CURLOPT_HTTPAUTH => CURLAUTH_BASIC,
+      CURLOPT_USERPWD => $user->getUsername() . ':' . $user->pass_raw,
+    ]);
+
+    $this->drupalGet($node->urlInfo());
+    $this->assertFalse($this->drupalUserIsLoggedIn($user));
+  }
+
+}