core/lib/Drupal/Core/Access/RouteProcessorCsrf.php             | 3 +--
 core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php     | 2 ++
 core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php | 3 ---
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
index 5300cd7..f469459 100644
--- a/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
+++ b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
@@ -53,10 +53,9 @@ public function processOutbound($route_name, Route $route, array &$parameters, B
         $placeholder = hash('sha1', $path);
         $placeholder_render_array = [
           '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
-          // Tokens are per user and per session.
+          // Tokens are per session.
           '#cache' => [
             'contexts' => [
-              'user',
               'session',
             ],
           ],
diff --git a/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php b/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
index 7f3c3de..474032e 100644
--- a/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
+++ b/core/lib/Drupal/Core/Cache/Context/SessionCacheContext.php
@@ -9,6 +9,8 @@
 
 /**
  * Defines the SessionCacheContext service, for "per session" caching.
+ *
+ * Cache context ID: 'session'.
  */
 class SessionCacheContext extends RequestStackCacheContextBase {
 
diff --git a/core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php b/core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php
index 581fb74..84d487e 100644
--- a/core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php
+++ b/core/tests/Drupal/Tests/Core/Access/RouteProcessorCsrfTest.php
@@ -78,7 +78,6 @@ public function testProcessOutbound() {
       '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
       '#cache' => [
         'contexts' => [
-          'user',
           'session',
         ],
       ],
@@ -104,7 +103,6 @@ public function testProcessOutboundDynamicOne() {
       '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
       '#cache' => [
         'contexts' => [
-          'user',
           'session',
         ],
       ],
@@ -129,7 +127,6 @@ public function testProcessOutboundDynamicTwo() {
       '#lazy_builder' => ['route_processor_csrf:renderPlaceholderCsrfToken', [$path]],
       '#cache' => [
         'contexts' => [
-          'user',
           'session',
         ],
       ],