diff --git a/core/lib/Drupal/Core/Authentication/Provider/Cookie.php b/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
index 9875a85..ccd9228 100644
--- a/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
+++ b/core/lib/Drupal/Core/Authentication/Provider/Cookie.php
@@ -7,7 +7,6 @@
 namespace Drupal\Core\Authentication\Provider;
-use Drupal\Component\Utility\Crypt;
 use Drupal\Core\Authentication\AuthenticationProviderInterface;
 use Drupal\Core\Database\Connection;
 use Drupal\Core\Session\AccountInterface;
@@ -77,25 +76,31 @@ public function authenticate(Request $request) {
 * The current user object.
 */
 protected function getUserFromSession(SessionInterface $session) {
- $values = $this->connection->query("SELECT u.*, s.* FROM {users_field_data} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE u.default_langcode = 1 AND s.sid = :sid", [
- ':sid' => Crypt::hashBase64($session->getId()),
- ])->fetchAssoc();
+ $values = $this->connection->select('users_field_data', 'u')
+ ->fields('u')
+ ->condition('default_langcode', 1)
+ ->condition('uid', $session->get('uid'))
+ ->execute()
+ ->fetchAssoc();
 if ($values && $values['uid'] > 0 && $values['status'] == 1) {
 // We found the client's session record and they are an authenticated,
 // active user.
- $rids = $this->connection->query("SELECT ur.roles_target_id as rid FROM {user__roles} ur WHERE ur.entity_id = :uid", [
- ':uid' => $values['uid'],
- ])->fetchCol();
+ $rids = $this->connection->select('user__roles', 'ur')
+ ->fields('ur', ['rid' => 'roles_target_id'])
+ ->condition('entity_id', $values['uid'])
+ ->execute()
+ ->fetchCol();
 // Add user's roles.
 $values['roles'] = array_merge([AccountInterface::AUTHENTICATED_ROLE], $rids);
+ $values['session'] = serialize($_SESSION);
 return new UserSession($values);
 }
 elseif ($values) {
 // The user is anonymous or blocked. Only preserve two fields from the
 // {sessions} table.
 return new UserSession([
- 'session' => $values['session'],
+ 'session' => serialize($_SESSION),
 'access' => $values['access'],
 ]);
 }
diff --git a/core/lib/Drupal/Core/Session/SessionManager.php b/core/lib/Drupal/Core/Session/SessionManager.php
index 35dcc2f..3257e39 100644
--- a/core/lib/Drupal/Core/Session/SessionManager.php
+++ b/core/lib/Drupal/Core/Session/SessionManager.php
@@ -170,6 +170,7 @@ protected function startNow() {
 // Restore session data.
 if ($this->startedLazy) {
 $_SESSION = $session_data;
+ $this->loadSession();
 }
 return $result;
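Review bot: In `getUserFromSession()` (Cookie.php) the new lookup passes `$session->get('uid')` straight into `->condition('uid', ...)`, so it also runs for a session that carries no `uid` attribute, and what the query builder does with a NULL value there is not visible in this hunk. Read the attribute once, as in `$uid = $session->get('uid');`, and skip the query through the function's existing no-user path when it is empty. The two added `serialize($_SESSION)` calls read the superglobal rather than the injected `$session`. Because {sessions} is no longer queried, the context comments "We found the client's session record" and "Only preserve two fields from the {sessions} table" should be reworded to match. The function body continues past the end of the hunk.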
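Review bot: The added `$this->loadSession();` in `SessionManager::startNow()` has no comment explaining why the session must be loaded again right after `$_SESSION = $session_data;`, and it only runs in the `startedLazy` branch. Presumably the reassignment leaves the session bags pointing at the previous array, which would make the cookie provider's `$session->get('uid')` miss the restored data. If that is the reason, state it above the call, for example `// Re-bind the session bags to the restored $_SESSION data.`. startNow() begins and ends outside the hunk.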
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 04a7136..c730a92 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -527,8 +527,8 @@ function user_login_finalize(UserInterface $account) {
 // in place.
 \Drupal::currentUser()->setAccount($account);
 \Drupal::service('session')->migrate();
+ \Drupal::service('session')->set('uid', $account->id());
 \Drupal::logger('user')->notice('Session opened for %name.', array('%name' => $account->getUsername()));
- \Drupal::moduleHandler()->invokeAll('user_login', array($account));
 }
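Review bot: The new `user_login_finalize()` no longer calls `\Drupal::moduleHandler()->invokeAll('user_login', array($account));`, and nothing else in the visible diff invokes the hook. Modules that implement `hook_user_login`, for instance for login auditing or post-login account checks, would stop being notified. If the removal is not intended, keep the call as the last statement, after the new `set('uid', ...)` line, so implementations run once the regenerated session is already bound to the account. The function starts outside the hunk.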