diff --git a/core/lib/Drupal/Core/Session/SessionManager.php b/core/lib/Drupal/Core/Session/SessionManager.php
index 0beeeda..7b79e25 100644
--- a/core/lib/Drupal/Core/Session/SessionManager.php
+++ b/core/lib/Drupal/Core/Session/SessionManager.php
@@ -229,10 +229,9 @@ public function regenerate($destroy = FALSE, $lifetime = NULL) {
 }
 session_id(Crypt::randomBytesBase64());
- // @todo As soon as https://drupal.org/node/2238087 lands, the token seed
- // can be moved onto Drupal\Core\Session\MetadataBag. The session manager
- // then needs to notify the metadata bag when the token should be
- // regenerated.
+ // @todo The token seed can be moved onto \Drupal\Core\Session\MetadataBag.
+ // The session manager then needs to notify the metadata bag when the
+ // token should be regenerated. https://drupal.org/node/2256257
 if (!empty($_SESSION)) {
 unset($_SESSION['csrf_token_seed']);
 }
@@ -381,9 +380,9 @@ protected function getSessionDataMask() {
 // session once obsolete. Since that is not guaranteed to be the case,
 // this check force-ignores the CSRF token, so as to avoid performance
 // regressions.
- // As soon as https://drupal.org/node/2238087 lands, the token seed can be
- // moved onto \Drupal\Core\Session\MetadataBag. This will result in the
- // CSRF token to be ignored automatically.
+ // The token seed can be moved onto \Drupal\Core\Session\MetadataBag. This
+ // will result in the CSRF token being ignored automatically.
+ // https://drupal.org/node/2256257
 $mask['csrf_token_seed'] = FALSE;
 // Ignore attribute bags when they do not contain any data.
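Review bot: The rewritten @todo in regenerate() still does not record why `csrf_token_seed` is unset right after the new `session_id()` is set, and that is the invariant the planned move to MetadataBag has to keep. Presumably the seed is discarded so that tokens derived from it stop validating once the session ID changes; if that is the intent, state it above the `if (!empty($_SESSION))` guard, e.g. `// Discard the CSRF token seed so tokens tied to the previous session ID no longer validate.` The body of regenerate() starts and ends outside this hunk, so whether the seed is re-created elsewhere cannot be checked from here.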
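Review bot: In getSessionDataMask() the reworded comment describes deferred work but, unlike the matching comment in regenerate(), carries no `@todo` tag, so a search for open todos will miss it and the bare URL on its last line reads as unrelated to the sentence before it. Suggest `// @todo Move the token seed onto \Drupal\Core\Session\MetadataBag so that the` followed by `//   CSRF token is ignored automatically. https://drupal.org/node/2256257`. The comment block and the function both begin outside the hunk.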