diff --git a/core/modules/user/src/Authentication/Provider/Cookie.php b/core/modules/user/src/Authentication/Provider/Cookie.php
index abab567..bac9e15 100644
--- a/core/modules/user/src/Authentication/Provider/Cookie.php
+++ b/core/modules/user/src/Authentication/Provider/Cookie.php
@@ -10,7 +10,6 @@
 use Drupal\Core\Authentication\AuthenticationProviderInterface;
 use Drupal\Core\Database\Connection;
 use Drupal\Core\Session\AccountInterface;
-use Drupal\Core\Session\AnonymousUserSession;
 use Drupal\Core\Session\UserSession;
 use Drupal\Core\Session\SessionConfigurationInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -68,8 +67,9 @@ public function authenticate(Request $request) {
    * @param \Symfony\Component\HttpFoundation\Session\SessionInterface $session
    *   The session.
    *
-   * @return \Drupal\Core\Session\AccountInterface
-   *   The UserSession object for the current user.
+   * @return \Drupal\Core\Session\AccountInterface|NULL
+   *   The UserSession object for the current user, or NULL if this is an
+   *   anonymous session.
    */
   protected function getUserFromSession(SessionInterface $session) {
     if ($uid = $session->get('uid')) {
@@ -95,6 +95,9 @@ protected function getUserFromSession(SessionInterface $session) {
         return new UserSession($values);
       }
     }
+
+    // This is an anonymous session.
+    return NULL;
   }
 
 }